Arestocrat malware takes over! Held hostage [Solved]


  • This topic is locked

#1
Dadellaad

  • Member
  • 15 posts
I'm completely at a loss. I have been having an issue for a few months within Windows 7 running through Parallels on a Mac (OS X 10.7.5). When I click on a link within Google, Yahoo, etc., I get redirected to another site. While this was a nuisance, it was manageable until today. I clicked on a link and was again redirected. Then a download window popped up and disappeared within a couple seconds. Next thing I knew my screen was taken hostage. I was unable to do anything within Windows. Fortunately, I was able to toggle to the Mac side and see the programs running within Windows. There were 2 that I did not recognize (FileZilla & Arestocrat). I then googled Arestocrat and found this website. I have since entered SafeMode with Networking and downloaded OTL. I selected "Quick Scan" and have both OTL.txt & Extras.txt files. This is as far as I am able to go without potentially ruining my computer. Please help.


#2
Dadellaad

  • Topic Starter
  • Member
  • 15 posts
This is the OTL.txt file:

OTL logfile created on: 5/30/2013 4:55:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\scottdangora2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 62.61% Memory free
3.00 Gb Paging File | 2.52 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 62.86 Gb Free Space | 62.86% Space Free | Partition Type: NTFS

Computer Name: SCOTTDANGORA821 | User Name: scottdangora2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/30 16:50:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\scottdangora2\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/24 11:21:03 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/04/22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/03/30 05:55:08 | 000,037,120 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Stopped] -- C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe -- (Parallels Coherence Service)
SRV - [2013/03/30 05:50:14 | 000,085,248 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Stopped] -- C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll -- (prl_uprof)
SRV - [2013/03/30 05:50:08 | 000,172,288 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Stopped] -- C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe -- (Parallels Tools Service)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/22 09:45:58 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/04/16 11:40:13 | 000,120,576 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_pv64.sys -- (prl_pv64)
DRV:64bit: - [2013/03/30 05:50:06 | 000,019,200 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\prl_time.sys -- (prl_time)
DRV:64bit: - [2013/03/30 05:50:04 | 000,040,192 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_strg.sys -- (prl_strg)
DRV:64bit: - [2013/03/30 05:50:04 | 000,028,288 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_tg.sys -- (prl_tg)
DRV:64bit: - [2013/03/30 05:50:02 | 000,055,552 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prl_sound.sys -- (prl_sound)
DRV:64bit: - [2013/03/30 05:49:40 | 000,021,760 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\prl_mouf.sys -- (prl_mouf)
DRV:64bit: - [2013/03/30 05:49:36 | 000,021,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\prl_memdev.sys -- (prl_memdev)
DRV:64bit: - [2013/03/30 05:49:34 | 000,157,440 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\prl_kmdd.sys -- (prl_dd)
DRV:64bit: - [2013/03/30 05:49:24 | 000,199,424 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\prl_fs.sys -- (prl_fs)
DRV:64bit: - [2013/03/30 05:49:16 | 000,048,384 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\prl_boot.sys -- (prl_boot)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/23 01:28:04 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://charon.med.strykercorp.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 D0 D3 47 4A AD CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/02 08:20:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/02 08:20:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://charon.med.strykercorp.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - Extension: Google Docs = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/30 15:44:31 | 000,000,867 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 .psf
O1 - Hosts: 0.0.0.0 psf
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Onboard] C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe" File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DisplaySwitch] C:\ProgramData\DisplaySwitch.exe ()
O4 - HKLM..\Run: [Parallels Tools Center] C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe (Parallels Holdings, Ltd. and its affiliates.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [] C:\Users\scottdangora2\winlogon.exe (FileZilla Project)
O4 - HKCU..\Run: [HP] C:\Users\scottdangora2\AppData\Local\Deployment\HP\jydhkklg.dll (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: .psf ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: psf ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: .psf ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: psf ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: stryker.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: stryker.com ([sharepoint.med] http in Trusted sites)
O15 - HKCU\..Trusted Domains: strykercorp.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: strykercorp.com ([charon.med] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://stryker.webe...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://go.stryker.c...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.211.55.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93A2AFA-28A3-4B40-AA67-E9406CCD1798}: DhcpNameServer = 10.211.55.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\ProgramData\DisplaySwitch.exe) - C:\ProgramData\DisplaySwitch.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: AlternateShell - C:\ProgramData\DisplaySwitch.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/30 16:50:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\scottdangora2\Desktop\OTL.exe
[2013/05/30 15:34:19 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\jucheck.exe
[2013/05/30 15:33:41 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\acrobat.exe
[2013/05/30 15:33:29 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\rundll32.exe
[2013/05/30 15:33:05 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\acrobatreader.exe
[2013/05/30 15:32:39 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\mstsc.exe
[2013/05/30 15:32:38 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\icq.exe
[2013/05/30 15:32:10 | 000,122,368 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\winlogon.exe
[2013/05/15 13:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2013/05/15 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\Desktop\WD_SmartWare_Installer_2.0.1.2
[2013/05/13 21:11:29 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\AppData\Local\Western Digital
[2013/05/13 21:11:21 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\AppData\Local\Western_Digital_Technolog
[2013/05/13 21:10:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
[2013/05/13 21:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
[2013/05/13 21:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital
[2013/05/13 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2013/05/13 21:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2013/05/13 21:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital
[2013/05/13 21:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/05/08 21:01:35 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/05/08 21:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutterfly
[2013/05/08 21:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/05/08 21:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shutterfly
[2013/05/02 10:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

========== Files - Modified Within 30 Days ==========

[2013/05/30 16:50:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\scottdangora2\Desktop\OTL.exe
[2013/05/30 16:40:24 | 800,286,262 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/30 16:40:24 | 1207,607,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/30 16:40:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/30 16:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/30 16:05:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 15:35:05 | 002,250,054 | ---- | M] () -- C:\ProgramData\1.bmp
[2013/05/30 15:34:53 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\winlogon635355.exe
[2013/05/30 15:34:46 | 000,202,178 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/05/30 15:34:39 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\spoolsv206966.exe
[2013/05/30 15:34:36 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\java.exe
[2013/05/30 15:34:27 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\jucheck.exe
[2013/05/30 15:34:12 | 000,015,872 | ---- | M] () -- C:\Users\scottdangora2\windowsupdate.exe
[2013/05/30 15:34:05 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\ctfmon.exe
[2013/05/30 15:33:51 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\csrss.exe
[2013/05/30 15:33:51 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\msconfig.exe
[2013/05/30 15:33:50 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\acrobat.exe
[2013/05/30 15:33:50 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\skype.exe
[2013/05/30 15:33:41 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\conhost.exe
[2013/05/30 15:33:40 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\iexplore.exe
[2013/05/30 15:33:38 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\rundll32.exe
[2013/05/30 15:33:37 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\teamviewer.exe
[2013/05/30 15:33:26 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\vlcplayer.exe
[2013/05/30 15:33:23 | 000,015,872 | ---- | M] () -- C:\ProgramData\DisplaySwitch.exe
[2013/05/30 15:33:18 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\flashplayer.exe
[2013/05/30 15:33:14 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\acrobatreader.exe
[2013/05/30 15:33:06 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\chrome.exe
[2013/05/30 15:33:03 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\googleupdate.exe
[2013/05/30 15:32:56 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\notepad.exe
[2013/05/30 15:32:54 | 000,015,872 | ---- | M] () -- C:\Users\scottdangora2\alg.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\opera.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\firefox.exe
[2013/05/30 15:32:48 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\mstsc.exe
[2013/05/30 15:32:48 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\spoolsv.exe
[2013/05/30 15:32:45 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\icq.exe
[2013/05/30 15:32:22 | 000,122,368 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\winlogon.exe
[2013/05/30 15:32:17 | 000,015,872 | ---- | M] () -- C:\Users\scottdangora2\jqs.exe
[2013/05/30 12:05:06 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/30 07:05:56 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 12:20:45 | 000,028,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/29 12:20:45 | 000,028,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/29 12:13:43 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013/05/13 21:21:51 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/13 21:21:51 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/13 21:21:51 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/13 21:08:29 | 034,756,882 | ---- | M] () -- C:\Users\scottdangora2\Desktop\WD_SmartWare_Installer_2.0.1.2.zip
[2013/05/08 21:01:31 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2013/05/08 13:32:34 | 000,028,160 | ---- | M] () -- C:\Users\scottdangora2\Desktop\Stryker Service Manuals.msg
[2013/05/01 10:31:26 | 000,167,887 | ---- | M] () -- C:\Users\scottdangora2\Desktop\Stryker Sustainability.pdf
[2013/05/01 10:30:41 | 000,077,659 | ---- | M] () -- C:\Users\scottdangora2\Desktop\Stryker Furniture Warranty.pdf
[2013/05/01 10:30:37 | 001,293,829 | ---- | M] () -- C:\Users\scottdangora2\Desktop\LEED Tool FInal.pdf

========== Files Created - No Company Name ==========

[2013/05/30 16:40:24 | 800,286,262 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/30 15:35:04 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/05/30 15:34:45 | 000,202,178 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/05/30 15:34:39 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\winlogon635355.exe
[2013/05/30 15:34:39 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\spoolsv206966.exe
[2013/05/30 15:34:36 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\java.exe
[2013/05/30 15:34:08 | 000,015,872 | ---- | C] () -- C:\Users\scottdangora2\windowsupdate.exe
[2013/05/30 15:33:51 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\msconfig.exe
[2013/05/30 15:33:50 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\skype.exe
[2013/05/30 15:33:49 | 000,015,872 | ---- | C] () -- C:\ProgramData\DisplaySwitch.exe
[2013/05/30 15:33:42 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\csrss.exe
[2013/05/30 15:33:41 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\conhost.exe
[2013/05/30 15:33:40 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\iexplore.exe
[2013/05/30 15:33:28 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\teamviewer.exe
[2013/05/30 15:33:26 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\vlcplayer.exe
[2013/05/30 15:33:18 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\flashplayer.exe
[2013/05/30 15:33:15 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\ctfmon.exe
[2013/05/30 15:32:57 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\chrome.exe
[2013/05/30 15:32:56 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\googleupdate.exe
[2013/05/30 15:32:56 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\notepad.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\opera.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\firefox.exe
[2013/05/30 15:32:48 | 000,015,872 | ---- | C] () -- C:\Users\scottdangora2\alg.exe
[2013/05/30 15:32:48 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\spoolsv.exe
[2013/05/30 15:32:10 | 000,015,872 | ---- | C] () -- C:\Users\scottdangora2\jqs.exe
[2013/05/13 21:10:23 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013/05/13 21:07:22 | 034,756,882 | ---- | C] () -- C:\Users\scottdangora2\Desktop\WD_SmartWare_Installer_2.0.1.2.zip
[2013/05/08 21:01:31 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2013/05/08 13:32:34 | 000,028,160 | ---- | C] () -- C:\Users\scottdangora2\Desktop\Stryker Service Manuals.msg
[2013/05/01 10:31:26 | 000,167,887 | ---- | C] () -- C:\Users\scottdangora2\Desktop\Stryker Sustainability.pdf
[2013/05/01 10:30:41 | 000,077,659 | ---- | C] () -- C:\Users\scottdangora2\Desktop\Stryker Furniture Warranty.pdf
[2013/05/01 10:30:37 | 001,293,829 | ---- | C] () -- C:\Users\scottdangora2\Desktop\LEED Tool FInal.pdf
[2013/03/30 05:50:38 | 000,096,512 | ---- | C] () -- C:\Windows\SysWow64\prl_credential_provider.dll
[2012/11/09 10:29:20 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/02 08:16:09 | 000,165,053 | ---- | C] () -- C:\Windows\hpoins13.dat
[2012/11/02 08:16:09 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2012/09/22 21:01:33 | 000,000,408 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\scottdangora2\AppData\Local\Temp\sncpbho\smrtoxt\wow64.dll -- [2013/04/29 17:15:22 | 000,002,560 | -HS- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/08 21:01:35 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/10/18 13:05:55 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\Juniper Networks
[2012/09/22 21:04:37 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\Local Libraries
[2012/09/22 21:01:32 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\Parallels
[2012/10/18 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\TeamViewer
[2013/04/26 16:02:34 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\webex

========== Purity Check ==========



< End of report >

#3
Dadellaad

    Member

  • Topic Starter
  • 15 posts
Here's what's listed in the Extras.txt file.

OTL Extras logfile created on: 5/30/2013 4:55:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\scottdangora2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 62.61% Memory free
3.00 Gb Paging File | 2.52 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 62.86 Gb Free Space | 62.86% Space Free | Partition Type: NTFS

Computer Name: SCOTTDANGORA821 | User Name: scottdangora2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{63C9FAC3-6820-45FA-9802-F319C4ED1890}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0884A4F7-D1AD-4B6C-8AF2-27E9AE6D0137}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{173ADF95-5DF9-43BF-8D7E-B41BEC1D160E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{28F6DACB-06C3-4EAF-8A9F-748E0FA821C5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{294A7B2B-D215-49E7-88AD-DC011BF18FD6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{4182D47D-1248-4DF9-B1E9-C3314F97D369}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{54555890-1284-41A2-9F1E-69A7B56D4A54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{58FF7D0C-228C-498F-BB35-DE3A2FEF8EC6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{623E3FD2-28B2-4228-8A1F-A1C00A152927}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{6DAF337B-AD19-4C7A-B206-F98070920135}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{753BE1D9-BB00-45CE-A5F8-E868E5800F58}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{89D15B62-4532-4DEA-A0A9-E4CD2907A2A7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{8B302EB1-C37C-401F-A9DF-94F5B8C63E34}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{9255F795-6CB9-4B81-8ABE-66CBB5F3C8FF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9AEBDDAA-EE1F-4E18-A65B-8155F8FA3805}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A182C6A1-34F0-4154-9E1A-877918BEE973}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AF05D80D-48A0-4753-822D-BFAD60FA02FD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{BA39F29A-18FC-4E59-9797-E8A5AD5053F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{C43894F4-6D23-4889-BA2D-3467764ACE83}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{CB952A97-2DFD-4887-842C-23ECFC85678F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{CE95159D-C977-4105-8623-518469C4A25A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{DCB11866-3392-4A56-962D-C35A1BF61A3A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{E4FB9EA8-BF48-4FAD-8A5E-FA3CFAE91C93}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{EC3EE2E4-6E03-4634-BAF6-ABDE42C6A343}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{ED25CBE0-76BB-4790-9EC2-91F8839B50B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{EF52F4B3-16FB-4489-96D7-E93D5C967540}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{F06B9EC0-EC09-40B1-A1C9-C7C3C88FFC5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{FBF33880-F040-46F5-BC1F-CB7D21D60D42}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{DBFAE653-F259-4643-B574-6E636BA26A77}" = Parallels Tools
"{DD178D9D-89DD-4F15-9E56-57C85D1EDF36}" = WD SmartWare
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{124310E8-7C49-4C33-B4F2-3CF43F3830B7}" = WD Quick View
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}" = Shutterfly Express Uploader
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8E7332CC-A2E6-4DAD-AAE3-4449563FFD4B}" = Symantec Enterprise Vault HTTP-only Outlook Add-In
"{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{bfb9000e-e7d4-490f-a873-ec2c9cab3b3d}" = WD SmartWare Installer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Google Chrome" = Google Chrome
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"TeamViewer 7" = TeamViewer 7
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Applet" = Applet
"BDB7519134B3CAFA5C538048C0DD9424788A623F" = SAVO Outlook add-in
"JNLP" = JNLP
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Velocity v2.3.7" = Velocity v2.3.7

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/30/2013 12:00:08 PM | Computer Name = SCOTTDANGORA821 | Source = Application Error | ID = 1000
Description = Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610,
time stamp: 0x4dc0c63a Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x1644 Faulting application start time: 0x01ce5d4ec17cdfe5 Faulting application path:
C:\Windows\sysWow64\SearchProtocolHost.exe Faulting module path: unknown Report Id:
ff7354a5-c941-11e2-82a7-001c4298bd0f

Error - 5/30/2013 12:00:08 PM | Computer Name = SCOTTDANGORA821 | Source = Application Error | ID = 1000
Description = Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610,
time stamp: 0x4dc0c63a Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x1284 Faulting application start time: 0x01ce5d4ec2026395 Faulting application path:
C:\Windows\sysWow64\SearchProtocolHost.exe Faulting module path: unknown Report Id:
ffe827df-c941-11e2-82a7-001c4298bd0f

Error - 5/30/2013 12:00:21 PM | Computer Name = SCOTTDANGORA821 | Source = Application Error | ID = 1000
Description = Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610,
time stamp: 0x4dc0c63a Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x213c Faulting application start time: 0x01ce5d4ec29170ad Faulting application path:
C:\Windows\sysWow64\SearchProtocolHost.exe Faulting module path: unknown Report Id:
07545a11-c942-11e2-82a7-001c4298bd0f

Error - 5/30/2013 12:00:21 PM | Computer Name = SCOTTDANGORA821 | Source = Application Error | ID = 1000
Description = Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610,
time stamp: 0x4dc0c63a Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x1be8 Faulting application start time: 0x01ce5d4ec9d77d3f Faulting application path:
C:\Windows\sysWow64\SearchProtocolHost.exe Faulting module path: unknown Report Id:
07925735-c942-11e2-82a7-001c4298bd0f

Error - 5/30/2013 12:00:22 PM | Computer Name = SCOTTDANGORA821 | Source = Application Error | ID = 1000
Description = Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610,
time stamp: 0x4dc0c63a Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x1f30 Faulting application start time: 0x01ce5d4eca157a63 Faulting application path:
C:\Windows\sysWow64\SearchProtocolHost.exe Faulting module path: unknown Report Id:
0815788b-c942-11e2-82a7-001c4298bd0f

Error - 5/30/2013 12:00:24 PM | Computer Name = SCOTTDANGORA821 | Source = Application Error | ID = 1000
Description = Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.17610,
time stamp: 0x4dc0c63a Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x1954 Faulting application start time: 0x01ce5d4ecabec159 Faulting application path:
C:\Windows\sysWow64\SearchProtocolHost.exe Faulting module path: unknown Report Id:
0973f239-c942-11e2-82a7-001c4298bd0f

Error - 5/30/2013 3:34:19 PM | Computer Name = SCOTTDANGORA821 | Source = Application Error | ID = 1000
Description = Faulting application name: csrss.exe, version: 0.0.0.0, time stamp:
0x4fda07f7 Faulting module name: csrss.exe, version: 0.0.0.0, time stamp: 0x4fda07f7
Exception
code: 0xc0000005 Fault offset: 0x000028b7 Faulting process id: 0x3a0c Faulting application
start time: 0x01ce5d6c9d5051ca Faulting application path: C:\Users\scottdangora2\csrss.exe
Faulting
module path: C:\Users\scottdangora2\csrss.exe Report Id: ea1ceeba-c95f-11e2-82a7-001c4298bd0f

Error - 5/30/2013 3:34:19 PM | Computer Name = SCOTTDANGORA821 | Source = Application Error | ID = 1000
Description = Faulting application name: ctfmon.exe, version: 0.0.0.0, time stamp:
0x4fda07f7 Faulting module name: ctfmon.exe, version: 0.0.0.0, time stamp: 0x4fda07f7
Exception
code: 0xc0000005 Fault offset: 0x000028b7 Faulting process id: 0x41c0 Faulting application
start time: 0x01ce5d6ca63b0743 Faulting application path: C:\Users\scottdangora2\ctfmon.exe
Faulting
module path: C:\Users\scottdangora2\ctfmon.exe Report Id: ea211ad7-c95f-11e2-82a7-001c4298bd0f

Error - 5/30/2013 3:34:53 PM | Computer Name = SCOTTDANGORA821 | Source = Application Error | ID = 1000
Description = Faulting application name: winlogon635355.exe, version: 0.0.0.0, time
stamp: 0x4fda07f7 Faulting module name: winlogon635355.exe, version: 0.0.0.0, time
stamp: 0x4fda07f7 Exception code: 0xc0000005 Fault offset: 0x000028b7 Faulting process
id: 0x2f8c Faulting application start time: 0x01ce5d6cc1deb21d Faulting application
path: C:\Users\scottdangora2\winlogon635355.exe Faulting module path: C:\Users\scottdangora2\winlogon635355.exe
Report
Id: ffc47667-c95f-11e2-82a7-001c4298bd0f

Error - 5/30/2013 4:42:15 PM | Computer Name = SCOTTDANGORA821 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/29/2013 12:57:19 PM | Computer Name = SCOTTDANGORA821 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Spooler service.

Error - 5/30/2013 3:32:56 PM | Computer Name = SCOTTDANGORA821 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 5/30/2013 4:40:29 PM | Computer Name = SCOTTDANGORA821 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:28:40 PM on ?5/?30/?2013 was unexpected.

Error - 5/30/2013 4:40:31 PM | Computer Name = SCOTTDANGORA821 | Source = BugCheck | ID = 1001
Description =

Error - 5/30/2013 4:40:34 PM | Computer Name = SCOTTDANGORA821 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache spldr Wanarpv6

Error - 5/30/2013 4:40:42 PM | Computer Name = SCOTTDANGORA821 | Source = DCOM | ID = 10005
Description =

Error - 5/30/2013 4:40:51 PM | Computer Name = SCOTTDANGORA821 | Source = DCOM | ID = 10005
Description =

Error - 5/30/2013 4:40:52 PM | Computer Name = SCOTTDANGORA821 | Source = DCOM | ID = 10005
Description =

Error - 5/30/2013 4:40:52 PM | Computer Name = SCOTTDANGORA821 | Source = DCOM | ID = 10005
Description =

Error - 5/30/2013 4:55:08 PM | Computer Name = SCOTTDANGORA821 | Source = DCOM | ID = 10005
Description =


< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, lots of bad boys hiding there

Let's assassinate them :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKLM..\Run: [DisplaySwitch] C:\ProgramData\DisplaySwitch.exe ()
O4 - HKCU..\Run: [] C:\Users\scottdangora2\winlogon.exe (FileZilla Project)
O4 - HKCU..\Run: [HP] C:\Users\scottdangora2\AppData\Local\Deployment\HP\jydhkklg.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (C:\ProgramData\DisplaySwitch.exe) - C:\ProgramData\DisplaySwitch.exe ()
[2013/05/30 15:34:19 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\jucheck.exe
[2013/05/30 15:33:41 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\acrobat.exe
[2013/05/30 15:33:29 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\rundll32.exe
[2013/05/30 15:33:05 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\acrobatreader.exe
[2013/05/30 15:32:39 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\mstsc.exe
[2013/05/30 15:32:38 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\icq.exe
[2013/05/30 15:32:10 | 000,122,368 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\winlogon.exe
[2013/05/30 15:35:05 | 002,250,054 | ---- | M] () -- C:\ProgramData\1.bmp
[2013/05/30 15:34:53 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\winlogon635355.exe
[2013/05/30 15:34:46 | 000,202,178 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/05/30 15:34:39 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\spoolsv206966.exe
[2013/05/30 15:34:36 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\java.exe
[2013/05/30 15:34:27 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\jucheck.exe
[2013/05/30 15:34:12 | 000,015,872 | ---- | M] () -- C:\Users\scottdangora2\windowsupdate.exe
[2013/05/30 15:34:05 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\ctfmon.exe
[2013/05/30 15:33:51 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\csrss.exe
[2013/05/30 15:33:51 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\msconfig.exe
[2013/05/30 15:33:50 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\acrobat.exe
[2013/05/30 15:33:50 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\skype.exe
[2013/05/30 15:33:41 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\conhost.exe
[2013/05/30 15:33:40 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\iexplore.exe
[2013/05/30 15:33:38 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\rundll32.exe
[2013/05/30 15:33:37 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\teamviewer.exe
[2013/05/30 15:33:26 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\vlcplayer.exe
[2013/05/30 15:33:23 | 000,015,872 | ---- | M] () -- C:\ProgramData\DisplaySwitch.exe
[2013/05/30 15:33:18 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\flashplayer.exe
[2013/05/30 15:33:14 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\acrobatreader.exe
[2013/05/30 15:33:06 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\chrome.exe
[2013/05/30 15:33:03 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\googleupdate.exe
[2013/05/30 15:32:56 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\notepad.exe
[2013/05/30 15:32:54 | 000,015,872 | ---- | M] () -- C:\Users\scottdangora2\alg.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\opera.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\firefox.exe
[2013/05/30 15:32:48 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\mstsc.exe
[2013/05/30 15:32:48 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\spoolsv.exe
[2013/05/30 15:32:45 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\icq.exe
[2013/05/30 15:32:22 | 000,122,368 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\winlogon.exe
[2013/05/30 15:32:17 | 000,015,872 | ---- | M] () -- C:\Users\scottdangora2\jqs.exe

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Run OTL once more

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

#5
Dadellaad

    Member

  • Topic Starter
  • 15 posts
Hi Essexboy! Thank you so much for responding. Since my original post and now, I have run HitmanPro. This is my business computer and I needed to try something quickly. My computer seems to be working fine, but if you have the time and the interest, I would love to check to make sure anything that may be lurking is eradicated.

#6
Dadellaad

    Member

  • Topic Starter
  • 15 posts
Should I follow the same directions you've already listed?

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case, run a fresh scan with the script that I posted

#8
Dadellaad

    Member

  • Topic Starter
  • 15 posts
Running scan now

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:)

#10
Dadellaad

    Member

  • Topic Starter
  • 15 posts
This time only the OTL.txt file came up.... Here is what I got:


OTL logfile created on: 6/4/2013 1:40:33 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\scottdangora2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 52.11% Memory free
3.00 Gb Paging File | 1.89 Gb Available in Paging File | 63.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 66.36 Gb Free Space | 66.36% Space Free | Partition Type: NTFS
Drive X: | 464.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: PrlSF
Drive Y: | 464.96 Gb Total Space | 263.91 Gb Free Space | 56.76% Space Free | Partition Type: PrlSF
Drive Z: | 464.96 Gb Total Space | 263.91 Gb Free Space | 56.76% Space Free | Partition Type: PrlSF

Computer Name: SCOTTDANGORA821 | User Name: scottdangora2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/30 16:50:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\scottdangora2\Desktop\OTL.exe
PRC - [2013/04/22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2013/04/22 09:40:54 | 005,687,152 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2013/04/22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013/03/30 05:55:16 | 000,033,536 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) -- C:\Program Files (x86)\Parallels\Parallels Tools\Services\WoW\coherence.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 11:37:57 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/11/15 11:37:56 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/15 11:37:56 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll
MOD - [2012/11/15 11:08:10 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/15 11:08:10 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/15 11:08:06 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/15 11:08:04 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/15 11:08:01 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/31 10:19:09 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/24 11:21:03 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/04/22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/03/30 05:55:08 | 000,037,120 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe -- (Parallels Coherence Service)
SRV - [2013/03/30 05:50:14 | 000,085,248 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll -- (prl_uprof)
SRV - [2013/03/30 05:50:08 | 000,172,288 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe -- (Parallels Tools Service)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/31 10:32:51 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013/04/22 09:45:58 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/04/16 11:40:13 | 000,120,576 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_pv64.sys -- (prl_pv64)
DRV:64bit: - [2013/03/30 05:50:06 | 000,019,200 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\prl_time.sys -- (prl_time)
DRV:64bit: - [2013/03/30 05:50:04 | 000,040,192 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_strg.sys -- (prl_strg)
DRV:64bit: - [2013/03/30 05:50:04 | 000,028,288 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_tg.sys -- (prl_tg)
DRV:64bit: - [2013/03/30 05:50:02 | 000,055,552 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\prl_sound.sys -- (prl_sound)
DRV:64bit: - [2013/03/30 05:49:40 | 000,021,760 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\prl_mouf.sys -- (prl_mouf)
DRV:64bit: - [2013/03/30 05:49:36 | 000,021,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\prl_memdev.sys -- (prl_memdev)
DRV:64bit: - [2013/03/30 05:49:34 | 000,157,440 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\prl_kmdd.sys -- (prl_dd)
DRV:64bit: - [2013/03/30 05:49:24 | 000,199,424 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\prl_fs.sys -- (prl_fs)
DRV:64bit: - [2013/03/30 05:49:16 | 000,048,384 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\prl_boot.sys -- (prl_boot)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/23 01:28:04 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://charon.med.strykercorp.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 D0 D3 47 4A AD CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/02 08:20:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/02 08:20:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://charon.med.strykercorp.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - Extension: Google Docs = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/31 21:52:13 | 000,000,867 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 .psf
O1 - Hosts: 0.0.0.0 psf
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Onboard] C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe" File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" File not found
O4 - HKLM..\Run: [Parallels Tools Center] C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe (Parallels Holdings, Ltd. and its affiliates.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: .psf ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: psf ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: .psf ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: psf ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: stryker.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: stryker.com ([sharepoint.med] http in Trusted sites)
O15 - HKCU\..Trusted Domains: strykercorp.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: strykercorp.com ([charon.med] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://stryker.webe...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://go.stryker.c...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.211.55.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93A2AFA-28A3-4B40-AA67-E9406CCD1798}: DhcpNameServer = 10.211.55.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\ProgramData\DisplaySwitch.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: AlternateShell - C:\ProgramData\DisplaySwitch.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/31 10:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/05/31 10:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/05/31 10:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/05/31 10:01:58 | 009,818,384 | ---- | C] (SurfRight B.V.) -- C:\Users\scottdangora2\Desktop\HitmanPro_x64.exe
[2013/05/30 16:50:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\scottdangora2\Desktop\OTL.exe
[2013/05/30 15:34:19 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\jucheck.exe
[2013/05/30 15:33:41 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\acrobat.exe
[2013/05/30 15:33:29 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\rundll32.exe
[2013/05/30 15:33:05 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\acrobatreader.exe
[2013/05/30 15:32:39 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\mstsc.exe
[2013/05/30 15:32:38 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\icq.exe
[2013/05/24 11:20:47 | 016,948,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/15 13:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2013/05/15 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\Desktop\WD_SmartWare_Installer_2.0.1.2
[2013/05/13 21:11:29 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\AppData\Local\Western Digital
[2013/05/13 21:11:21 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\AppData\Local\Western_Digital_Technolog
[2013/05/13 21:10:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
[2013/05/13 21:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
[2013/05/13 21:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital
[2013/05/13 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2013/05/13 21:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2013/05/13 21:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital
[2013/05/13 21:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/05/08 21:01:35 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/05/08 21:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutterfly
[2013/05/08 21:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/05/08 21:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shutterfly

========== Files - Modified Within 30 Days ==========

[2013/06/04 13:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/03 17:05:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/02 12:05:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/31 10:40:11 | 000,028,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 10:40:11 | 000,028,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 10:37:02 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/31 10:37:02 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/31 10:37:02 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/31 10:33:23 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013/05/31 10:32:51 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/05/31 10:32:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/31 10:32:42 | 1207,607,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/31 10:31:43 | 000,001,858 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/05/31 10:19:09 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/05/31 10:15:59 | 287,323,830 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/31 10:02:36 | 009,818,384 | ---- | M] (SurfRight B.V.) -- C:\Users\scottdangora2\Desktop\HitmanPro_x64.exe
[2013/05/30 16:50:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\scottdangora2\Desktop\OTL.exe
[2013/05/30 15:35:05 | 002,250,054 | ---- | M] () -- C:\ProgramData\1.bmp
[2013/05/30 15:34:53 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\winlogon635355.exe
[2013/05/30 15:34:46 | 000,202,178 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/05/30 15:34:39 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\spoolsv206966.exe
[2013/05/30 15:34:36 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\java.exe
[2013/05/30 15:34:27 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\jucheck.exe
[2013/05/30 15:34:05 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\ctfmon.exe
[2013/05/30 15:33:51 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\csrss.exe
[2013/05/30 15:33:51 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\msconfig.exe
[2013/05/30 15:33:50 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\acrobat.exe
[2013/05/30 15:33:50 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\skype.exe
[2013/05/30 15:33:41 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\conhost.exe
[2013/05/30 15:33:40 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\iexplore.exe
[2013/05/30 15:33:38 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\rundll32.exe
[2013/05/30 15:33:37 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\teamviewer.exe
[2013/05/30 15:33:26 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\vlcplayer.exe
[2013/05/30 15:33:18 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\flashplayer.exe
[2013/05/30 15:33:14 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\acrobatreader.exe
[2013/05/30 15:33:06 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\chrome.exe
[2013/05/30 15:33:03 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\googleupdate.exe
[2013/05/30 15:32:56 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\notepad.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\opera.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\firefox.exe
[2013/05/30 15:32:48 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\mstsc.exe
[2013/05/30 15:32:48 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\spoolsv.exe
[2013/05/30 15:32:45 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\icq.exe
[2013/05/30 07:05:56 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/24 11:21:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/24 11:21:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/24 11:20:47 | 016,948,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/05/13 21:08:29 | 034,756,882 | ---- | M] () -- C:\Users\scottdangora2\Desktop\WD_SmartWare_Installer_2.0.1.2.zip
[2013/05/08 21:01:31 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2013/05/08 13:32:34 | 000,028,160 | ---- | M] () -- C:\Users\scottdangora2\Desktop\Stryker Service Manuals.msg

========== Files Created - No Company Name ==========

[2013/05/31 10:32:51 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/05/31 10:31:43 | 000,001,858 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/05/31 10:19:09 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/05/30 16:40:24 | 287,323,830 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/30 15:35:04 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/05/30 15:34:45 | 000,202,178 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/05/30 15:34:39 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\winlogon635355.exe
[2013/05/30 15:34:39 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\spoolsv206966.exe
[2013/05/30 15:34:36 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\java.exe
[2013/05/30 15:33:51 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\msconfig.exe
[2013/05/30 15:33:50 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\skype.exe
[2013/05/30 15:33:42 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\csrss.exe
[2013/05/30 15:33:41 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\conhost.exe
[2013/05/30 15:33:40 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\iexplore.exe
[2013/05/30 15:33:28 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\teamviewer.exe
[2013/05/30 15:33:26 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\vlcplayer.exe
[2013/05/30 15:33:18 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\flashplayer.exe
[2013/05/30 15:33:15 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\ctfmon.exe
[2013/05/30 15:32:57 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\chrome.exe
[2013/05/30 15:32:56 | 000,126,976 | ---- | C] () -- C:\Users\scottdangora2\googleupdate.exe
[2013/05/30 15:32:56 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\notepad.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\opera.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\firefox.exe
[2013/05/30 15:32:48 | 000,000,000 | ---- | C] () -- C:\Users\scottdangora2\spoolsv.exe
[2013/05/13 21:10:23 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013/05/13 21:07:22 | 034,756,882 | ---- | C] () -- C:\Users\scottdangora2\Desktop\WD_SmartWare_Installer_2.0.1.2.zip
[2013/05/08 21:01:31 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2013/05/08 13:32:34 | 000,028,160 | ---- | C] () -- C:\Users\scottdangora2\Desktop\Stryker Service Manuals.msg
[2013/03/30 05:50:38 | 000,096,512 | ---- | C] () -- C:\Windows\SysWow64\prl_credential_provider.dll
[2012/11/09 10:29:20 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/02 08:16:09 | 000,165,053 | ---- | C] () -- C:\Windows\hpoins13.dat
[2012/11/02 08:16:09 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2012/09/22 21:01:33 | 000,000,408 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\scottdangora2\AppData\Local\Temp\sncpbho\smrtoxt\wow64.dll -- [2013/04/29 17:15:22 | 000,002,560 | -HS- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/08 21:01:35 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/10/18 13:05:55 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\Juniper Networks
[2012/09/22 21:04:37 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\Local Libraries
[2012/09/22 21:01:32 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\Parallels
[2012/10/18 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\TeamViewer
[2013/04/26 16:02:34 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\webex

========== Purity Check ==========



< End of report >


#11
Essexboy
This will remove the remnants, and then I will check for any remaining orphans.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKLM..\Run: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" File not found
O20 - HKLM Winlogon: Shell - (C:\ProgramData\DisplaySwitch.exe) - File not found
O31 - SafeBoot: AlternateShell - C:\ProgramData\DisplaySwitch.exe
[2013/05/30 15:34:19 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\jucheck.exe
[2013/05/30 15:33:41 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\acrobat.exe
[2013/05/30 15:33:29 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\rundll32.exe
[2013/05/30 15:33:05 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\acrobatreader.exe
[2013/05/30 15:32:39 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\mstsc.exe
[2013/05/30 15:32:38 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\scottdangora2\icq.exe
[2013/05/30 15:34:53 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\winlogon635355.exe
[2013/05/30 15:34:46 | 000,202,178 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/05/30 15:34:39 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\spoolsv206966.exe
[2013/05/30 15:34:36 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\java.exe
[2013/05/30 15:34:27 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\jucheck.exe
[2013/05/30 15:34:05 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\ctfmon.exe
[2013/05/30 15:33:51 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\csrss.exe
[2013/05/30 15:33:51 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\msconfig.exe
[2013/05/30 15:33:50 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\acrobat.exe
[2013/05/30 15:33:50 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\skype.exe
[2013/05/30 15:33:41 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\conhost.exe
[2013/05/30 15:33:40 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\iexplore.exe
[2013/05/30 15:33:38 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\rundll32.exe
[2013/05/30 15:33:37 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\teamviewer.exe
[2013/05/30 15:33:26 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\vlcplayer.exe
[2013/05/30 15:33:18 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\flashplayer.exe
[2013/05/30 15:33:14 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\acrobatreader.exe
[2013/05/30 15:33:06 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\chrome.exe
[2013/05/30 15:33:03 | 000,126,976 | ---- | M] () -- C:\Users\scottdangora2\googleupdate.exe
[2013/05/30 15:32:56 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\notepad.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\opera.exe
[2013/05/30 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\firefox.exe
[2013/05/30 15:32:48 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\mstsc.exe
[2013/05/30 15:32:48 | 000,000,000 | ---- | M] () -- C:\Users\scottdangora2\spoolsv.exe
[2013/05/30 15:32:45 | 000,096,256 | ---- | M] (FileZilla Project) -- C:\Users\scottdangora2\icq.exe

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

#12
Dadellaad
Should I make sure the same options are selected for OTL (i.e. LOP Check & Purity Check)?

#13
Essexboy
No, just a quick scan will do :)

#14
Dadellaad
This is the file that came up after Restart:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\ProgramData\DisplaySwitch.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
C:\Users\scottdangora2\jucheck.exe moved successfully.
C:\Users\scottdangora2\acrobat.exe moved successfully.
C:\Users\scottdangora2\rundll32.exe moved successfully.
C:\Users\scottdangora2\acrobatreader.exe moved successfully.
C:\Users\scottdangora2\mstsc.exe moved successfully.
C:\Users\scottdangora2\icq.exe moved successfully.
C:\Users\scottdangora2\winlogon635355.exe moved successfully.
C:\ProgramData\1.jpg moved successfully.
C:\Users\scottdangora2\spoolsv206966.exe moved successfully.
C:\Users\scottdangora2\java.exe moved successfully.
File C:\Users\scottdangora2\jucheck.exe not found.
C:\Users\scottdangora2\ctfmon.exe moved successfully.
C:\Users\scottdangora2\csrss.exe moved successfully.
C:\Users\scottdangora2\msconfig.exe moved successfully.
File C:\Users\scottdangora2\acrobat.exe not found.
C:\Users\scottdangora2\skype.exe moved successfully.
C:\Users\scottdangora2\conhost.exe moved successfully.
C:\Users\scottdangora2\iexplore.exe moved successfully.
File C:\Users\scottdangora2\rundll32.exe not found.
C:\Users\scottdangora2\teamviewer.exe moved successfully.
C:\Users\scottdangora2\vlcplayer.exe moved successfully.
C:\Users\scottdangora2\flashplayer.exe moved successfully.
File C:\Users\scottdangora2\acrobatreader.exe not found.
C:\Users\scottdangora2\chrome.exe moved successfully.
C:\Users\scottdangora2\googleupdate.exe moved successfully.
C:\Users\scottdangora2\notepad.exe moved successfully.
C:\Users\scottdangora2\opera.exe moved successfully.
C:\Users\scottdangora2\firefox.exe moved successfully.
File C:\Users\scottdangora2\mstsc.exe not found.
C:\Users\scottdangora2\spoolsv.exe moved successfully.
File C:\Users\scottdangora2\icq.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: scottdangora2
->Temp folder emptied: 51526018 bytes
->Temporary Internet Files folder emptied: 319373313 bytes
->Java cache emptied: 8206486 bytes
->Google Chrome cache emptied: 195432819 bytes
->Flash cache emptied: 63481 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75579 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36113131 bytes
RecycleBin emptied: 279552 bytes

Total Files Cleaned = 583.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06042013_145106

Files\Folders moved on Reboot...
C:\Users\scottdangora2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.


-----------------------------------------------------------------------------------------------------------------


Here is the OTL.txt post Restart and quick scan:

OTL logfile created on: 6/4/2013 2:59:33 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\scottdangora2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 53.36% Memory free
3.00 Gb Paging File | 2.03 Gb Available in Paging File | 67.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 67.03 Gb Free Space | 67.03% Space Free | Partition Type: NTFS
Drive X: | 464.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: PrlSF
Drive Y: | 464.96 Gb Total Space | 264.89 Gb Free Space | 56.97% Space Free | Partition Type: PrlSF
Drive Z: | 464.96 Gb Total Space | 264.89 Gb Free Space | 56.97% Space Free | Partition Type: PrlSF

Computer Name: SCOTTDANGORA821 | User Name: scottdangora2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/30 16:50:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\scottdangora2\Desktop\OTL.exe
PRC - [2013/04/22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2013/04/22 09:40:54 | 005,687,152 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2013/04/22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013/03/30 05:55:16 | 000,033,536 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) -- C:\Program Files (x86)\Parallels\Parallels Tools\Services\WoW\coherence.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 11:37:57 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/11/15 11:37:56 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/15 11:37:56 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll
MOD - [2012/11/15 11:08:10 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll
MOD - [2012/11/15 11:08:10 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll
MOD - [2012/11/15 11:08:06 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll
MOD - [2012/11/15 11:08:04 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll
MOD - [2012/11/15 11:08:01 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/31 10:19:09 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/24 11:21:03 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/22 09:43:52 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/04/22 09:40:04 | 000,270,192 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/03/30 05:55:08 | 000,037,120 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\Parallels\Parallels Tools\Services\coherence.exe -- (Parallels Coherence Service)
SRV - [2013/03/30 05:50:14 | 000,085,248 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\Parallels\Parallels Tools\prl_uprof.dll -- (prl_uprof)
SRV - [2013/03/30 05:50:08 | 000,172,288 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\Parallels\Parallels Tools\Services\prl_tools_service.exe -- (Parallels Tools Service)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/31 10:32:51 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013/04/22 09:45:58 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/04/16 11:40:13 | 000,120,576 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_pv64.sys -- (prl_pv64)
DRV:64bit: - [2013/03/30 05:50:06 | 000,019,200 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\prl_time.sys -- (prl_time)
DRV:64bit: - [2013/03/30 05:50:04 | 000,040,192 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_strg.sys -- (prl_strg)
DRV:64bit: - [2013/03/30 05:50:04 | 000,028,288 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_tg.sys -- (prl_tg)
DRV:64bit: - [2013/03/30 05:50:02 | 000,055,552 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\prl_sound.sys -- (prl_sound)
DRV:64bit: - [2013/03/30 05:49:40 | 000,021,760 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\prl_mouf.sys -- (prl_mouf)
DRV:64bit: - [2013/03/30 05:49:36 | 000,021,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\prl_memdev.sys -- (prl_memdev)
DRV:64bit: - [2013/03/30 05:49:34 | 000,157,440 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\prl_kmdd.sys -- (prl_dd)
DRV:64bit: - [2013/03/30 05:49:24 | 000,199,424 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\prl_fs.sys -- (prl_fs)
DRV:64bit: - [2013/03/30 05:49:16 | 000,048,384 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\prl_boot.sys -- (prl_boot)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/23 01:28:04 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://charon.med.strykercorp.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 D0 D3 47 4A AD CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/02 08:20:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/02 08:20:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://charon.med.strykercorp.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - Extension: Google Docs = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\scottdangora2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/31 21:52:13 | 000,000,867 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 .psf
O1 - Hosts: 0.0.0.0 psf
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Onboard] C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe" File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Parallels Tools Center] C:\Program Files (x86)\Parallels\Parallels Tools\prl_cc.exe (Parallels Holdings, Ltd. and its affiliates.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: .psf ([]* in Local intranet)
O15:64bit: - ..Trusted Domains: psf ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: .psf ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: psf ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: stryker.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: stryker.com ([sharepoint.med] http in Trusted sites)
O15 - HKCU\..Trusted Domains: strykercorp.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: strykercorp.com ([charon.med] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://stryker.webe...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://go.stryker.c...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.211.55.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93A2AFA-28A3-4B40-AA67-E9406CCD1798}: DhcpNameServer = 10.211.55.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/04 14:51:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/31 10:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/05/31 10:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/05/31 10:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/05/31 10:01:58 | 009,818,384 | ---- | C] (SurfRight B.V.) -- C:\Users\scottdangora2\Desktop\HitmanPro_x64.exe
[2013/05/30 16:50:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\scottdangora2\Desktop\OTL.exe
[2013/05/15 13:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2013/05/15 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\Desktop\WD_SmartWare_Installer_2.0.1.2
[2013/05/13 21:11:29 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\AppData\Local\Western Digital
[2013/05/13 21:11:21 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\AppData\Local\Western_Digital_Technolog
[2013/05/13 21:10:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
[2013/05/13 21:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
[2013/05/13 21:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital
[2013/05/13 21:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2013/05/13 21:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2013/05/13 21:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital
[2013/05/13 21:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/05/08 21:01:35 | 000,000,000 | ---D | C] -- C:\Users\scottdangora2\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/05/08 21:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutterfly
[2013/05/08 21:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/05/08 21:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shutterfly

========== Files - Modified Within 30 Days ==========

[2013/06/04 15:00:09 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/04 15:00:09 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/04 15:00:09 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/04 14:55:35 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013/06/04 14:55:25 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/04 14:55:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/04 14:55:01 | 1207,607,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/04 14:05:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/04 13:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/31 10:40:11 | 000,028,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 10:40:11 | 000,028,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 10:32:51 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/05/31 10:31:43 | 000,001,858 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/05/31 10:19:09 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/05/31 10:15:59 | 287,323,830 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/31 10:02:36 | 009,818,384 | ---- | M] (SurfRight B.V.) -- C:\Users\scottdangora2\Desktop\HitmanPro_x64.exe
[2013/05/30 16:50:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\scottdangora2\Desktop\OTL.exe
[2013/05/30 15:35:05 | 002,250,054 | ---- | M] () -- C:\ProgramData\1.bmp
[2013/05/30 07:05:56 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/13 21:08:29 | 034,756,882 | ---- | M] () -- C:\Users\scottdangora2\Desktop\WD_SmartWare_Installer_2.0.1.2.zip
[2013/05/08 21:01:31 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2013/05/08 13:32:34 | 000,028,160 | ---- | M] () -- C:\Users\scottdangora2\Desktop\Stryker Service Manuals.msg

========== Files Created - No Company Name ==========

[2013/05/31 10:32:51 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/05/31 10:31:43 | 000,001,858 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/05/31 10:19:09 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/05/30 16:40:24 | 287,323,830 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/30 15:35:04 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/05/13 21:10:23 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2013/05/13 21:07:22 | 034,756,882 | ---- | C] () -- C:\Users\scottdangora2\Desktop\WD_SmartWare_Installer_2.0.1.2.zip
[2013/05/08 21:01:31 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2013/05/08 13:32:34 | 000,028,160 | ---- | C] () -- C:\Users\scottdangora2\Desktop\Stryker Service Manuals.msg
[2013/03/30 05:50:38 | 000,096,512 | ---- | C] () -- C:\Windows\SysWow64\prl_credential_provider.dll
[2012/11/09 10:29:20 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/02 08:16:09 | 000,165,053 | ---- | C] () -- C:\Windows\hpoins13.dat
[2012/11/02 08:16:09 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2012/09/22 21:01:33 | 000,000,408 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\scottdangora2\AppData\Local\Temp\sncpbho\smrtoxt\wow64.dll -- [2013/04/29 17:15:22 | 000,002,560 | -HS- | M] ()

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/08 21:01:35 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/10/18 13:05:55 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\Juniper Networks
[2012/09/22 21:04:37 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\Local Libraries
[2012/09/22 21:01:32 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\Parallels
[2012/10/18 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\TeamViewer
[2013/04/26 16:02:34 | 000,000,000 | ---D | M] -- C:\Users\scottdangora2\AppData\Roaming\webex

========== Purity Check ==========



< End of report >

#15
Dadellaad

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.04.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
scottdangora2 :: SCOTTDANGORA821 [administrator]

Protection: Enabled

6/4/2013 3:16:27 PM
mbam-log-2013-06-04 (15-16-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211945
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)