  1. #1
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6

    Virus that changes file folders into executables.

    Hi guys,

    It seems that I have obtained a virus from a friend of mine that changes file folders into .exe files.

    I'm guessing it was transmitted when I backed up files from her portable hard drive onto mine that I needed for the upkeep of my band website.

    It has only changed the files folders on my portable hard drive and it seems to have dropped in a file called desktop.ini in every folder.

    I have done the prescribed scans and included the portable hard drive in the scans.

    I really hope you can help me out here.

    Below are the scan logs.

    Cheers.


    Super Anti Spyware:


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 01/07/2014 at 01:09 PM

    Application Version : 5.7.1016

    Core Rules Database Version : 10960
    Trace Rules Database Version: 8772

    Scan type : Complete Scan
    Total Scan Time : 00:26:15

    Operating System Information
    Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 647
    Memory threats detected : 0
    Registry items scanned : 73768
    Registry threats detected : 0
    File items scanned : 81738
    File threats detected : 27

    Adware.Tracking Cookie
    .doubleclick.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaforge.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    tags.mediaforge.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    server.iad.liveperson.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .liveperson.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .liveperson.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaforge.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .mediaforge.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    server.iad.liveperson.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sales.liveperson.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com.au [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .optus.112.2o7.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    va.marketer.lpsnmedia.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    sales.liveperson.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .cba.122.2o7.net [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .amazon-adsystem.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .burstnet.com [ C:\USERS\STAFF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    Trojan.Agent/Gen-Banker
    C:\USERS\STAFF\DESKTOP\LOGIN (WITH WILTJA ADMIN).EXE
    C:\USERS\STAFF\DOWNLOADS\LOGIN (WITH WILTJA ADMIN).EXE


    Malwarebytes:


    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free Anti-Malware

    Database version: v2014.01.06.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mike Hayes :: TH00DBDF0BDDF9 [administrator]

    7/01/2014 1:27:19 PM
    mbam-log-2014-01-07 (13-27-19).txt

    Scan type: Full scan (C:\|E:\|F:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 559301
    Time elapsed: 50 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Users\Staff\AppData\Local\Temp\che2A4A.tmp (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\Staff\AppData\Local\Temp\Incredibar_install.exe (PUP.Optional.Incredimail.A) -> Quarantined and deleted successfully.
    C:\Users\Staff\AppData\Local\Temp\695B9EC8-BAB0-7891-9E24-930D357B841C\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Staff\AppData\Local\Temp\695B9EC8-BAB0-7891-9E24-930D357B841C\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.

    (end)

    Hijack This:


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 11:18:39 AM, on 7/01/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)


    Boot mode: Normal

    Running processes:
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Users\Staff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Optus Mobile Broadband\Optus Mobile Broadband.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Staff\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://10.60.184.52/wpad.dat
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.27.143.10;172.27.143.11
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
    O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Staff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
    O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
    O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3B920105-4E06-408F-A124-071952E54DCD}: NameServer = 198.142.0.51 61.88.88.88
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Optus Mobile Broadband. OUC (Optus Mobile Broadband. RunOuc) - Unknown owner - C:\Program Files (x86)\Optus Mobile Broadband\UpdateDog\ouc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    --
    End of file - 15149 bytes

    Thank You
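
Added example, not part of the original thread: a read-only check for the symptom described here, executables on the drive that carry the name of a folder beside them (the real folder being hidden, as the poster reports in a later reply), plus a desktop.ini in each folder. The extension list, the function names and the hash-grouping heuristic are assumptions of this example; it only reads and reports and changes nothing on the drive.

```python
import hashlib
import os
import stat
import sys
from collections import defaultdict

# Assumption of this example: extensions Windows runs on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
# Windows FILE_ATTRIBUTE_HIDDEN bit; st_file_attributes exists only on Windows.
HIDDEN = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)


def is_hidden(path):
    """True if the Windows hidden attribute is set (always False on other OSes)."""
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN)


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large decoys do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_folder_decoys(root):
    """List executables that share their base name with a folder beside them."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # NTFS names are case-insensitive, so compare lower-cased names.
        folders = {d.lower(): d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() not in EXECUTABLE_EXTS or stem.lower() not in folders:
                continue
            decoy = os.path.join(dirpath, name)
            folder = os.path.join(dirpath, folders[stem.lower()])
            findings.append({
                "decoy": decoy,
                "folder": folder,
                "folder_hidden": is_hidden(folder),
                "size": os.path.getsize(decoy),
                "sha256": sha256_of(decoy),
            })
    return sorted(findings, key=lambda f: f["decoy"])


def group_by_hash(findings):
    """Map SHA-256 -> decoy paths. Heuristic: many decoys with one hash
    suggest a single binary copied under each folder's name."""
    groups = defaultdict(list)
    for item in findings:
        groups[item["sha256"]].append(item["decoy"])
    return dict(groups)


def desktop_ini_coverage(root):
    """Return (subfolders containing desktop.ini, total subfolders) below root."""
    with_ini = total = 0
    for dirpath, _dirnames, filenames in os.walk(root):
        if dirpath == root:
            continue  # count subfolders only, not the drive root itself
        total += 1
        if any(name.lower() == "desktop.ini" for name in filenames):
            with_ini += 1
    return with_ini, total


if __name__ == "__main__":
    # Pass the root of the external drive as the only argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found = find_folder_decoys(target)
    for item in found:
        state = "hidden" if item["folder_hidden"] else "visible"
        print(f"{item['decoy']}  shadows  {item['folder']} ({state}), "
              f"{item['size']} bytes")
    for digest, paths in group_by_hash(found).items():
        print(f"{len(paths)} decoy(s) share SHA-256 {digest}")
    with_ini, total = desktop_ini_coverage(target)
    print(f"desktop.ini present in {with_ini} of {total} subfolders")
```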


  3. #2
    zep516 (Member, Spyware Fighter)
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hi Haynzy

    Hi! My name is zep516, and welcome to Help2go.
    I'll do the best I can to resolve your computer issue.
    Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage, as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions!

    First

    Please download OTL to your Desktop
    • Double click on the icon to run the program. On Vista/Win7 or 8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    Next

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.



    Please post in your next reply,

    • OTL.txt
    • Extras.txt
    • AdwCleaner[R0].txt


    ** Can you tell me, is the Task Manager locked? Can you open it?

    And your music folder is now called "My music.exe"? Something like that, perhaps?


    Thanks
    Joe
    Last edited by zep516; 01-07-2014 at 12:01 AM.


  5. #3
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6


    Hi Joe,

    I'm having trouble posting anything to this forum.

    All I get is a blank screen.

    I'll keep trying and hopefully you don't end up with 20 copies of the same post.


  7. #4
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6


    Thanks Joe,

    I can open task manager with no problems.

    None of the folders on my computer seem to have been changed, it's just the folders on my portable hard drive.

    The actual folders are still there but they are now hidden and the virus has made copies of them but they are .exe files.
    So, my old "Music" folder on the portable hard drive now has a dummy there that looks like the old folder and is called "Music" but it is actually a .exe file and the original folder is hidden.
    I've been able to retrieve the original folders by adjusting the settings to show hidden files and folders and then changing the attributes but they just revert back to hidden folders again when I next boot up.

    Here is the OTL log:

    OTL logfile created on: 1/7/2014 4:22:39 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Staff\Downloads
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.89 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 41.08% Memory free
    7.78 Gb Paging File | 5.18 Gb Available in Paging File | 66.65% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 118.94 Gb Total Space | 26.41 Gb Free Space | 22.21% Space Free | Partition Type: NTFS
    Drive D: | 33.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 931.51 Gb Total Space | 660.58 Gb Free Space | 70.92% Space Free | Partition Type: NTFS

    Computer Name: TH00DBDF0BDDF9 | User Name: Mike Hayes | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/07 16:21:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Staff\Downloads\OTL.exe
    PRC - [2013/12/18 11:32:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Staff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2013/12/04 13:18:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2013/11/20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2013/11/20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2013/09/16 13:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/09/14 04:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    PRC - [2013/05/11 21:07:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/03/02 10:33:04 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2012/09/17 21:06:31 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Optus Mobile Broadband.exe
    PRC - [2012/09/17 21:06:26 | 000,655,712 | ---- | M] () -- C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\ouc.exe
    PRC - [2011/05/21 01:40:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/05/21 01:40:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/03/15 01:57:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/01/07 14:19:57 | 001,153,024 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\_ssl.pyd
    MOD - [2014/01/07 14:19:57 | 001,062,400 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\wx._controls_.pyd
    MOD - [2014/01/07 14:19:57 | 000,811,008 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\wx._windows_.pyd
    MOD - [2014/01/07 14:19:57 | 000,805,888 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\wx._gdi_.pyd
    MOD - [2014/01/07 14:19:57 | 000,711,680 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\_hashlib.pyd
    MOD - [2014/01/07 14:19:57 | 000,110,080 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\pywintypes27.dll
    MOD - [2014/01/07 14:19:57 | 000,087,040 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\_ctypes.pyd
    MOD - [2014/01/07 14:19:57 | 000,070,656 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\wx._html2.pyd
    MOD - [2014/01/07 14:19:57 | 000,038,912 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32inet.pyd
    MOD - [2014/01/07 14:19:57 | 000,035,840 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32process.pyd
    MOD - [2014/01/07 14:19:57 | 000,026,624 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\_multiprocessing.pyd
    MOD - [2014/01/07 14:19:57 | 000,025,600 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32pdh.pyd
    MOD - [2014/01/07 14:19:57 | 000,024,064 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32pipe.pyd
    MOD - [2014/01/07 14:19:56 | 001,175,040 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\wx._core_.pyd
    MOD - [2014/01/07 14:19:56 | 000,735,232 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\wx._misc_.pyd
    MOD - [2014/01/07 14:19:56 | 000,686,080 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\unicodedata.pyd
    MOD - [2014/01/07 14:19:56 | 000,557,056 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\pysqlite2._sqlite.pyd
    MOD - [2014/01/07 14:19:56 | 000,521,680 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\windows._lib_cacheinvalidation.pyd
    MOD - [2014/01/07 14:19:56 | 000,364,544 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\pythoncom27.dll
    MOD - [2014/01/07 14:19:56 | 000,320,512 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32com.shell.shell.pyd
    MOD - [2014/01/07 14:19:56 | 000,128,512 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\_elementtree.pyd
    MOD - [2014/01/07 14:19:56 | 000,127,488 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\pyexpat.pyd
    MOD - [2014/01/07 14:19:56 | 000,122,368 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\wx._wizard.pyd
    MOD - [2014/01/07 14:19:56 | 000,119,808 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32file.pyd
    MOD - [2014/01/07 14:19:56 | 000,108,544 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32security.pyd
    MOD - [2014/01/07 14:19:56 | 000,098,816 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32api.pyd
    MOD - [2014/01/07 14:19:56 | 000,044,032 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\_socket.pyd
    MOD - [2014/01/07 14:19:56 | 000,022,528 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32ts.pyd
    MOD - [2014/01/07 14:19:56 | 000,018,432 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32event.pyd
    MOD - [2014/01/07 14:19:56 | 000,017,408 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32profile.pyd
    MOD - [2014/01/07 14:19:56 | 000,011,264 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\win32crypt.pyd
    MOD - [2014/01/07 14:19:56 | 000,010,240 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38282\select.pyd
    MOD - [2013/12/18 11:31:12 | 003,558,400 | ---- | M] () -- C:\Users\Staff\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2013/12/04 13:18:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
    MOD - [2013/12/04 13:18:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
    MOD - [2013/12/04 13:17:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
    MOD - [2013/12/04 13:17:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
    MOD - [2013/12/04 13:17:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
    MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
    MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
    MOD - [2013/08/24 05:31:44 | 025,100,288 | ---- | M] () -- C:\Users\Staff\AppData\Roaming\Dropbox\bin\libcef.dll
    MOD - [2012/09/17 21:06:31 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Optus Mobile Broadband.exe
    MOD - [2012/09/17 21:06:28 | 009,515,520 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\QtGui4.dll
    MOD - [2012/09/17 21:06:28 | 002,415,104 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\QtCore4.dll
    MOD - [2012/09/17 21:06:28 | 001,148,416 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\QtNetwork4.dll
    MOD - [2012/09/17 21:06:28 | 000,827,904 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\SMSUIPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,670,720 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\SmsAppPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,545,280 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\PluginContainer.dll
    MOD - [2012/09/17 21:06:28 | 000,398,336 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\QtXml4.dll
    MOD - [2012/09/17 21:06:28 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Proxy.dll
    MOD - [2012/09/17 21:06:28 | 000,370,176 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\plugins\imageformats\qtiff4.dll
    MOD - [2012/09/17 21:06:28 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\plugins\imageformats\qmng4.dll
    MOD - [2012/09/17 21:06:28 | 000,309,760 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\StatusBarMgrPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NetInfoSrvPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\sdk.dll
    MOD - [2012/09/17 21:06:28 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NetSrvPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,217,600 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\SmsSrvPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,212,480 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\ToolBarMgrPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\plugins\imageformats\qjpeg4.dll
    MOD - [2012/09/17 21:06:28 | 000,184,832 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\XFramePlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,160,256 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\XCodec.dll
    MOD - [2012/09/17 21:06:28 | 000,156,672 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\STKSrvPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\USSDSrvPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Trace.dll
    MOD - [2012/09/17 21:06:28 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\OSDialup.dll
    MOD - [2012/09/17 21:06:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\OSNDIS.dll
    MOD - [2012/09/17 21:06:28 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Win7Support.dll
    MOD - [2012/09/17 21:06:28 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\OSAdapt.dll
    MOD - [2012/09/17 21:06:28 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NotifyServicePlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\plugins\imageformats\qgif4.dll
    MOD - [2012/09/17 21:06:28 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\plugins\imageformats\qico4.dll
    MOD - [2012/09/17 21:06:28 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\OSPowerMgr.dll
    MOD - [2012/09/17 21:06:28 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\OSCall.dll
    MOD - [2012/09/17 21:06:27 | 001,101,824 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NDISAPI.dll
    MOD - [2012/09/17 21:06:27 | 000,693,760 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\LiveUpdateInterface.dll
    MOD - [2012/09/17 21:06:27 | 000,539,648 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DeviceMgrUIPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,484,352 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DialupUIPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\core.dll
    MOD - [2012/09/17 21:06:27 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DeviceAppPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NetConnectPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,304,128 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DeviceSrvPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,295,424 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\MenuMgrPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,211,968 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DialUpPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,180,736 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NDISPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,158,720 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NetConnectSrvPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,157,184 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DataServicePlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\LayoutPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\libgcc_s_dw2-1.dll
    MOD - [2012/09/17 21:06:27 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\mingwm10.dll
    MOD - [2012/09/17 21:06:26 | 001,078,272 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\AddrBookPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,771,584 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\AddrBookUIPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,547,840 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\CallLogSrvPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,264,704 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\AddrBookSrvPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\AtCodec.dll
    MOD - [2012/09/17 21:06:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Common.dll
    MOD - [2012/09/17 21:06:26 | 000,182,272 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\CallAppPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\CallSrvPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,123,392 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\ATR2SMgr.dll
    MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    MOD - [2012/07/16 15:04:00 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
    MOD - [2012/07/16 15:04:00 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
    MOD - [2012/07/16 14:26:20 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/07/16 14:26:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/07/16 14:25:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/07/16 14:25:42 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/07/16 14:25:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/07/16 14:25:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/07/16 14:25:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/07/16 14:25:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/07/16 14:25:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/05/30 21:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 21:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/17 16:41:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/21 08:15:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/05/08 09:07:15 | 000,143,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2012/12/09 19:50:29 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
    SRV:64bit: - [2012/02/26 06:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
    SRV:64bit: - [2012/02/26 06:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2012/02/26 06:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2012/02/26 06:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2012/01/17 17:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV:64bit: - [2012/01/09 13:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/05/18 14:31:14 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
    SRV:64bit: - [2010/11/12 06:06:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2010/11/12 06:06:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/14 12:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 12:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/12/16 21:55:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/09/16 13:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/11 21:07:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/17 21:06:26 | 000,655,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Optus Mobile Broadband\UpdateDog\ouc.exe -- (Optus Mobile Broadband. RunOuc)
    SRV - [2011/05/21 01:40:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/03/15 01:57:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
    SRV - [2010/02/20 06:07:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/11 07:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/19 00:52:08 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/09/17 21:06:29 | 000,417,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
    DRV:64bit: - [2012/09/17 21:06:29 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV:64bit: - [2012/09/17 21:06:29 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2012/09/17 21:06:29 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV:64bit: - [2012/09/17 21:06:28 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/06/25 14:53:22 | 000,079,360 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
    DRV:64bit: - [2012/05/04 18:58:52 | 000,125,440 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cyhid.sys -- (cyhid)
    DRV:64bit: - [2012/05/04 17:55:46 | 000,088,576 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cymfltr.sys -- (cymfltrService)
    DRV:64bit: - [2012/05/04 17:54:56 | 000,014,336 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cykbfltr.sys -- (cykbfltrService)
    DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2012/03/02 18:37:58 | 000,221,184 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV:64bit: - [2012/03/02 18:37:58 | 000,065,536 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV:64bit: - [2012/03/01 17:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/20 13:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
    DRV:64bit: - [2012/01/09 13:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2012/01/09 13:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/07/23 02:56:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/19 15:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/07/13 08:25:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/04/05 00:55:18 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
    DRV:64bit: - [2011/02/26 02:42:04 | 002,793,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athwx.sys -- (AR5416)
    DRV:64bit: - [2010/11/20 22:03:58 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/20 22:03:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:02:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 22:02:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 19:37:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/20 19:37:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 19:37:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/20 19:33:44 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/20 19:33:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 19:13:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010/11/20 18:27:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/12 16:53:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/10/25 12:55:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2010/10/15 18:58:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/15 05:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/09/15 05:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/09/09 04:35:34 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/02/27 08:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/11 02:58:26 | 000,129,536 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silvrlnk.sys -- (SilvrLnk)
    DRV:64bit: - [2009/09/04 09:00:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
    DRV:64bit: - [2009/08/14 03:50:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/14 12:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 12:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 12:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 10:30:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/07/09 19:30:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/11 07:05:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/11 07:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 07:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 07:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 07:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/26 11:31:18 | 000,187,392 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPZid412.sys -- (HPZid412)
    DRV:64bit: - [2009/02/26 11:31:18 | 000,050,688 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPZius12.sys -- (HPZius12)
    DRV:64bit: - [2009/02/26 11:28:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
    DRV:64bit: - [2009/02/26 11:28:58 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPEWSFXBULK)
    DRV:64bit: - [2008/07/04 16:19:26 | 000,252,928 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTwindrvr6.sys -- (VSTWinDriver6)
    DRV:64bit: - [2007/11/27 09:52:48 | 000,087,552 | ---- | M] (u-blox AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ubloxusb.sys -- (ubloxusb)
    DRV:64bit: - [2007/03/01 13:42:16 | 000,103,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabser.sys -- (slabser)
    DRV:64bit: - [2007/03/01 13:42:16 | 000,079,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabbus.sys -- (slabbus)
    DRV - [2009/07/14 11:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2004/02/05 03:57:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\tiehdusb.sys -- (TIEHDUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    IE - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\..\SearchScopes\{345B4658-9952-4975-B1EA-4E622BF2F78C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^AU&apn_uid=AB99679A-F003-49BC-A66B-875A98882942&apn_sauid=1C80E440-C89C-4CED-A7E7-3B522771D43C
    IE - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 172.27.143.10;172.27.143.11
    IE - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://10.60.184.52/wpad.dat


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files\eMusic Download Manager 6\npEMusic603.dll (eMusic.com)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/01/10 09:24:05 | 000,000,000 | ---D | M]

    [2013/04/18 14:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Staff\AppData\Roaming\mozilla\Firefox\Profiles\extensions
    [2013/04/01 18:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Staff\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
    [2013/04/01 18:02:22 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Staff\AppData\Roaming\mozilla\firefox\profiles\0\extensions\freehdsport@freehdsport.tv.xpi
    [2013/04/12 02:24:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\Staff\AppData\Roaming\mozilla\firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi
    [2012/10/31 18:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: eMusicPlugin DLM6 (Enabled) = C:\Program Files\eMusic Download Manager 6\npEMusic603.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
    CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: Google Drive = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: Ad-blocker for Gmail\u2122 = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo\2.8_0\
    CHR - Extension: Gmelius = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl\5.7.6.2_0\
    CHR - Extension: Bookmarks Menu = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi\3.4.15_0\
    CHR - Extension: iCloud Bookmarks = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\
    CHR - Extension: Google Wallet = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

    O1 HOSTS File: ([2009/06/11 07:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)
    O4:64bit: - HKLM..\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe (Cypress Semiconductor, Inc.)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Staff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Staff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Staff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
    O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
    O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
    O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
    O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
    O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
    O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
    O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B920105-4E06-408F-A124-071952E54DCD}: NameServer = 198.142.0.51 61.88.88.88
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FDA443A-C14B-4E37-A6C8-59E95B20AAA9}: DhcpNameServer = 198.142.0.51 61.88.88.88
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C00FE9B-F40D-4121-BA32-4F86B292B10B}: DhcpNameServer = 198.142.0.51 211.29.132.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2FC7923-46FB-4495-B7D4-0591AA7B8F8C}: DhcpNameServer = 10.60.184.46
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E864945E-579F-457A-8EEF-906C85B63151}: DhcpNameServer = 10.0.0.138
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/09/13 07:08:04 | 000,148,320 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2011/09/13 07:08:04 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{0aceb106-00b3-11e2-b5bc-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{0aceb106-00b3-11e2-b5bc-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
    O33 - MountPoints2\{0aceb122-00b3-11e2-b5bc-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{0aceb122-00b3-11e2-b5bc-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
    O33 - MountPoints2\{42d3f507-00af-11e2-94eb-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{42d3f507-00af-11e2-94eb-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
    O33 - MountPoints2\{42d3f534-00af-11e2-94eb-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{42d3f534-00af-11e2-94eb-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
    O33 - MountPoints2\{6834c2f1-0781-11e2-b553-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{6834c2f1-0781-11e2-b553-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
    O33 - MountPoints2\{890970ce-66c3-11e3-922a-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{890970ce-66c3-11e3-922a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SISetup.exe
    O33 - MountPoints2\{89097112-66c3-11e3-922a-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{89097112-66c3-11e3-922a-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\SISetup.exe
    O33 - MountPoints2\{8a9654ed-008e-11e2-9817-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{8a9654ed-008e-11e2-9817-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
    O33 - MountPoints2\{8a96550a-008e-11e2-9817-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{8a96550a-008e-11e2-9817-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
    O33 - MountPoints2\{8ca530a6-037c-11e2-b750-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{8ca530a6-037c-11e2-b750-00dbdf0bddfc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{bc6041cc-cf9f-11e1-9395-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{bc6041cc-cf9f-11e1-9395-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
    O33 - MountPoints2\{bc6041d9-cf9f-11e1-9395-00dbdf0bddfc}\Shell - "" = AutoRun
    O33 - MountPoints2\{bc6041d9-cf9f-11e1-9395-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/17 13:07:32 | 000,020,480 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\mvusbews.sys
    [2013/12/17 13:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2013/12/12 10:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [1 C:\Users\Staff\Documents\*.tmp files -> C:\Users\Staff\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/01/07 16:18:19 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/07 16:17:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/07 16:17:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/07 14:37:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/07 14:32:17 | 000,012,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/07 14:32:17 | 000,012,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/07 14:25:56 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/01/07 14:25:56 | 000,621,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/01/07 14:25:56 | 000,108,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/01/07 14:19:39 | 3132,096,512 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/20 11:18:32 | 000,001,063 | ---- | M] () -- C:\Users\Staff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/12/20 11:18:25 | 000,001,031 | ---- | M] () -- C:\Users\Staff\Desktop\Dropbox.lnk
    [2013/12/17 13:11:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_mvusbews_01007.Wdf
    [2013/12/16 21:55:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/12/16 21:55:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [1 C:\Users\Staff\Documents\*.tmp files -> C:\Users\Staff\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/12/17 13:11:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_mvusbews_01007.Wdf
    [2013/12/17 13:07:34 | 000,350,720 | ---- | C] () -- C:\Windows\SysNative\mvhlewsi.dll
    [2013/12/17 13:07:30 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\mvusbews.dll
    [2013/02/15 10:14:13 | 000,009,216 | ---- | C] () -- C:\Users\Staff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/12/26 12:05:24 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\ChilkatCsv.dll
    [2012/10/31 19:24:44 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\mnprxpd2f.bin
    [2012/08/23 23:25:58 | 000,989,150 | ---- | C] () -- C:\Users\Staff\.DLMSave_back.xml
    [2012/08/23 23:25:58 | 000,989,150 | ---- | C] () -- C:\Users\Staff\.DLMSave.xml
    [2012/08/23 23:25:30 | 000,001,215 | ---- | C] () -- C:\Users\Staff\.Setting.ini
    [2012/07/04 15:27:38 | 000,000,000 | ---- | C] () -- C:\Users\Staff\AppData\Local\{B59DBF25-D776-4FF3-B152-0001C1B9D567}
    [2012/07/04 15:26:39 | 000,000,000 | ---- | C] () -- C:\Users\Staff\AppData\Local\{31945AC8-87FF-4BD1-BEE7-B82656AB8BB9}
    [2012/06/28 16:32:45 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/28 11:23:30 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/06/28 11:23:24 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/06/28 11:23:14 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/01/11 01:34:27 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
    [2012/01/11 01:34:20 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
    [2012/01/10 10:22:38 | 000,000,031 | ---- | C] () -- C:\Windows\FXE400.INI
    [2012/01/10 10:17:57 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/01/10 10:17:55 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/01/10 10:17:55 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/01/10 10:17:55 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/01/10 09:26:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/01/10 09:26:29 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2012/01/10 09:26:18 | 000,105,600 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2012/01/10 09:26:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/01/10 09:26:10 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2012/01/10 07:54:54 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 15:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 16:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:49:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >


  9. #5
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6

    Default

    and the extras log:

    OTL Extras logfile created on: 1/7/2014 4:22:39 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Staff\Downloads
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.89 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 41.08% Memory free
    7.78 Gb Paging File | 5.18 Gb Available in Paging File | 66.65% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 118.94 Gb Total Space | 26.41 Gb Free Space | 22.21% Space Free | Partition Type: NTFS
    Drive D: | 33.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 931.51 Gb Total Space | 660.58 Gb Free Space | 70.92% Space Free | Partition Type: NTFS

    Computer Name: TH00DBDF0BDDF9 | User Name: Mike Hayes | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4013523473-2947983006-3160469227-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0CF1AB12-67B4-45CC-A5B1-8C89FE458E08}" = lport=137 | protocol=17 | dir=in | app=system |
    "{13A2DDC6-9D37-41FF-8162-CBCD2A7EF37B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{247AE354-CDE7-47A7-9A4D-F9F31F333B34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{28A10059-6CD7-4AE9-8A05-797A78F8984B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{475593B5-F18F-4161-A2D8-0CF546C801D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4C1C91A1-FB23-4A8B-AD84-510F2194A606}" = rport=445 | protocol=6 | dir=out | app=system |
    "{53EBE478-36B5-4458-99D9-BA1E4D6D7B39}" = rport=138 | protocol=17 | dir=out | app=system |
    "{550CB342-DF1F-47FE-A9FA-CAC92499B092}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5901414C-D26C-4B4F-A5EB-53E1815D0F44}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6502672C-15A0-413B-AE79-4024F6882F3C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{69E851F3-00AF-4552-A80E-0E438C42A92A}" = lport=138 | protocol=17 | dir=in | app=system |
    "{73BF768F-4085-4006-8156-7F95E450724A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A1715FED-0395-4D1C-8E9D-38CF12EB61C6}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
    "{A4CC93B4-7631-46E7-BAE6-A55BE2F12879}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{AAE028E8-89C0-45D2-9FD8-7EFD1BDF0599}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B5459378-960E-43DD-AF4A-2254C14B6F78}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CAECB15F-EDAB-489C-884D-50B037A8AEBB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DA80C5B4-6A08-496C-80C4-7A4822629D6E}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{E4C26D35-68B9-4562-8D56-C126389F7CD4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F4C55B85-DD50-44C2-A6DE-EB753649E5A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F5D91587-7683-419F-906B-2286FB8A7DDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F83BED37-2D39-4A9C-806C-B1828DA38C2E}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FF48F389-4B9B-4589-8D0A-F59B04EA6F24}" = rport=139 | protocol=6 | dir=out | app=system |
    "{FF5B9EFB-9CA3-4D6E-B080-FD2B30F86973}" = lport=10243 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0011FC3A-01BE-40FD-822E-DA67C1683FB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{01B0C00D-6CB3-4856-86E9-83FBE8973865}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{07995396-555E-410D-8EB2-2FE6BF10374E}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
    "{08E3335A-9031-44C6-9A0E-F51439776FF4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{09493ADF-0EE4-4537-B418-D4BF22C78919}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{0BBE92EC-516F-491C-B9B5-1ECB915739B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0BFFDF46-C1EF-4C0A-9D71-6589AAC541AB}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{122991D7-2B4A-41B5-AD9D-5B200E931B71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{17A610CD-3103-4543-B8F3-AFAB29766558}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{301B6381-B174-4DAD-803B-1F260060D68D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{33DF2381-184A-4EF7-9C89-D5FF32D58BA6}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{33E0DA7E-B3CE-469A-945A-7599FA16B94C}" = protocol=17 | dir=in | app=c:\users\staff\appdata\roaming\dropbox\bin\dropbox.exe |
    "{3637E4DA-6A8E-4AE8-A6D1-73640AE9E7AE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4AF9E257-F157-4216-9BE3-F6B9D7250E3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5037E2B7-FB3E-4C43-BF7B-C135556E723D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5788F2A0-EC01-43BA-86BB-0CFAB379EC8B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{58580072-4DF9-422C-8237-C41A3FFC1821}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{5A7D54F2-AB56-4BE5-A70A-DF658296CD4C}" = protocol=6 | dir=in | app=c:\users\staff\appdata\roaming\dropbox\bin\dropbox.exe |
    "{710B99DF-AB92-4B35-9D1E-0C10CBF32FAA}" = protocol=6 | dir=out | app=system |
    "{79D0C9AF-774A-46D0-AFEF-86984444E346}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{86BB2A4C-F119-4C38-A33C-2019F465EF73}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{86FA9A6C-CB82-4D27-977F-C3586DF602C5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{879079F3-7279-49F1-B894-D391108CD6BB}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{8DC78F90-D27F-405F-AD28-891879B7CAC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{98BC15D5-1518-4C7E-BF77-5F50E2C30051}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9D21592F-C1BF-4A85-BEEC-75B3406E313C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{A5A6A409-E5B9-423D-A9C9-B4A33BDB22A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B70CFC87-41D8-4B07-87E3-CB4053FD55C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B9402B8A-0E6B-4BCE-987B-05BA94DB23E6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BA5C769C-B818-485B-8AC6-130C5EB26792}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{BCE53C7D-6B8D-4B0C-84BC-574969343627}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{C1022DCC-D9B7-4740-814F-C56905798A9D}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
    "{CCC4BA65-2F8D-4A4B-9A52-C7FDF53F1C9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D065674D-CF38-4D3B-8BC8-B272A504FBF9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{D15B802E-F504-452F-BC29-65A35EC72434}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
    "{D62D9C49-3D0B-416D-8006-C4EB7EC2063C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E21974AE-8FAC-4110-AF69-91432C09CE98}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{E3606B55-60FD-4CEE-BB34-1DF75397EF78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8FC5DF4-B1B2-40E2-B99F-DA589B3D08A3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{EDB6223D-A871-44C4-872E-36C108608727}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F6F88D97-D84D-4185-9B57-63B09A0170BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{28A8BC30-6FA7-4130-9D30-53B8ACD8EA8C}C:\users\staff\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\staff\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{8EEA35F4-3C20-4917-9FEF-46B229F07131}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
    "TCP Query User{F0E25CD5-D5FD-4096-B197-F57267197F26}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
    "TCP Query User{FAAEB6DC-7B3C-4D1E-8B8A-383C35A91C7C}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "UDP Query User{4CAAE37B-1FF5-4F89-BC04-D69089F27079}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "UDP Query User{5090A46E-3BF7-4F0C-B3B9-007748275FC6}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
    "UDP Query User{AD14069B-8818-4F72-9EE1-4F3C370633B5}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
    "UDP Query User{BBB3272A-09AB-4D99-9058-78C368B6BC12}C:\users\staff\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\staff\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E0818E4-C87B-4211-9791-E958BD34B96C}" = Microsoft Forefront Endpoint Protection 2010 Server Management
    "{237D687E-9E50-4A30-B810-262764CC491B}" = Garmin Communicator Plugin x64
    "{2844F6D2-60B7-4943-BB91-089409ACC2C4}" = AuSIL Yolngu
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1" = Cypress TrackPad
    "{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
    "{840F2008-235E-494A-9E72-F7B424C48569}" = Fresco Logic USB3.0 Host Controller
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{7A62504E-F944-4FCD-90D5-D0B84A41DFC4}" =
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B5B018CD-A8FD-452A-90D0-1398CBBE8AC8}" = cs5
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
    "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
    "{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi Software
    "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
    "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
    "Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL
    "EPSON WorkForce 435 Series" = EPSON WorkForce 435 Series Printer Uninstall
    "LSI Soft Modem" = LSI HDA Modem
    "MediaCoder x64" = MediaCoder x64 2011
    "Microsoft Security Client" = Microsoft Forefront Endpoint Protection 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "ProInst" = Intel PROSet Wireless

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E5DD7A3-BE29-430C-970B-C553F4A58C39}" = SMART Common Platform
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4723F199-FA64-4233-8E6E-9FCCC95A18EE}" = Python 2.6.5
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}" = Evernote v. 4.6.3
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin
    "{660B0281-20C5-4FC9-A249-40C860262435}" = SMART English (United Kingdom) Language Pack
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{890D03E5-CB6B-460E-8589-FB550876DD7C}" = X-Sheet Invoicing
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{988588EF-86E0-4E21-A1EE-6C7D3B84AB22}" = ClickView Player
    "{A4E43135-BBC1-433A-B04A-A8F6FF0E6E23}" = SMART Education Software 2011
    "{A54D4EFD-BED1-41D7-A562-BBC403C56DD7}" = Scratch
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB2B0854-7656-47B4-9ACC-F2CD62A9B332}" = Logger Pro 3
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
    "{C6586FE3-7DBE-4F71-BA8A-A4998F6F0A96}" = Vernier Experiments
    "{C6BA8F0C-ACC9-3F30-9B97-159BBE0AA48F}" = Google Chrome
    "{D34598D1-07B8-4EB6-AD9A-DBDF58FFC19F}" = Adobe Shockwave Player 11.6
    "{D8D2B468-8342-411A-8760-BCC362C3408F}" = Adobe Creative Suite 5.5 Master Collection
    "{ED0FF410-41B9-441F-B457-4AC81782E8BF}" = SMART Notebook
    "{ED993825-5744-4707-A65D-7E7CD4D5C6C5}" = Text-to-Speech
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFF14233-FE39-4671-A38E-76FD8F24A879}" = e-tax 2013
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EasyGPS_is1" = EasyGPS 4.58
    "eMusic Download Manager 5.0.5" = eMusic Download Manager
    "eMusic Download Manager 6" = eMusic Download Manager 6
    "EPSON Scanner" = EPSON Scan
    "ESET Online Scanner" = ESET Online Scanner v3
    "FormatFactory" = FormatFactory 2.80
    "FX MathPack_is1" = FX MathPack
    "GSAK_is1" = GSAK 8.2.0.11
    "ImgBurn" = ImgBurn
    "InstallShield_{AB2B0854-7656-47B4-9ACC-F2CD62A9B332}" = Logger Pro 3.8.3
    "KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Optus Mobile Broadband" = Optus Mobile Broadband
    "SecondLifeViewer" = SecondLifeViewer (remove only)
    "SP_f2a323db" = BrowseToSave 1.74

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4013523473-2947983006-3160469227-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/1/2013 8:00:02 PM | Computer Name = TH00DBDF0BDDF9 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2012

    Error - 12/1/2013 8:00:03 PM | Computer Name = TH00DBDF0BDDF9 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/1/2013 8:00:03 PM | Computer Name = TH00DBDF0BDDF9 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3011

    Error - 12/1/2013 8:00:03 PM | Computer Name = TH00DBDF0BDDF9 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

    Error - 12/1/2013 8:00:04 PM | Computer Name = TH00DBDF0BDDF9 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/1/2013 8:00:04 PM | Computer Name = TH00DBDF0BDDF9 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4009

    Error - 12/1/2013 8:00:04 PM | Computer Name = TH00DBDF0BDDF9 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4009

    Error - 12/1/2013 8:00:05 PM | Computer Name = TH00DBDF0BDDF9 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/1/2013 8:00:05 PM | Computer Name = TH00DBDF0BDDF9 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5008

    Error - 12/1/2013 8:00:05 PM | Computer Name = TH00DBDF0BDDF9 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5008

    [ System Events ]
    Error - 7/10/2013 11:09:32 AM | Computer Name = TH00DBDF0BDDF9 | Source = Service Control Manager | ID = 7000
    Description = The Optus Mobile Broadband. OUC service failed to start due to the
    following error: %%1053

    Error - 7/10/2013 11:09:33 AM | Computer Name = TH00DBDF0BDDF9 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 7/11/2013 11:14:36 AM | Computer Name = TH00DBDF0BDDF9 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.153.1675.0 Update Source: %%849 Update Stage:
    %%852 Source Path: http://dogmatix Signature Type: %%800 Update Type: %%803 User: NT
    AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/11/2013 7:14:36 PM | Computer Name = TH00DBDF0BDDF9 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.153.1760.0 Update Source: %%849 Update Stage:
    %%852 Source Path: http://dogmatix Signature Type: %%800 Update Type: %%803 User: NT
    AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/12/2013 3:14:36 AM | Computer Name = TH00DBDF0BDDF9 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.153.1792.0 Update Source: %%849 Update Stage:
    %%852 Source Path: http://dogmatix Signature Type: %%800 Update Type: %%803 User: NT
    AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/12/2013 11:14:36 AM | Computer Name = TH00DBDF0BDDF9 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.153.1821.0 Update Source: %%849 Update Stage:
    %%852 Source Path: http://dogmatix Signature Type: %%800 Update Type: %%803 User: NT
    AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/14/2013 1:47:25 AM | Computer Name = TH00DBDF0BDDF9 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.153.1846.0 Update Source: %%849 Update Stage:
    %%852 Source Path: http://dogmatix Signature Type: %%800 Update Type: %%803 User: NT
    AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/14/2013 1:56:31 AM | Computer Name = TH00DBDF0BDDF9 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.153.1950.0 Update Source: %%849 Update Stage:
    %%852 Source Path: http://dogmatix Signature Type: %%800 Update Type: %%803 User: NT
    AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/14/2013 11:14:36 AM | Computer Name = TH00DBDF0BDDF9 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.153.1950.0 Update Source: %%849 Update Stage:
    %%852 Source Path: http://dogmatix Signature Type: %%800 Update Type: %%803 User: NT
    AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 7/14/2013 7:14:36 PM | Computer Name = TH00DBDF0BDDF9 | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.153.1961.0 Update Source: %%849 Update Stage:
    %%852 Source Path: http://dogmatix Signature Type: %%800 Update Type: %%803 User: NT
    AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.


    < End of report >

    # AdwCleaner v3.016 - Report created 07/01/2014 at 17:36:26
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
    # Username : Mike Hayes - TH00DBDF0BDDF9
    # Running from : C:\Users\Staff\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\Program Files (x86)\BrowseToSave
    File Deleted : C:\Users\Staff\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\freehdsport@freehdsport.tv.xpi
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
    Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EasyGPS_is1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\IB Updater

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16450


    -\\ Mozilla Firefox v

    [ File : C:\Users\Staff\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


    [ File : C:\Users\Staff\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


    [ File : C:\Users\Staff\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : urls_to_restore_on_startup

    [ File : C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [4860 octets] - [07/01/2014 16:59:35]
    AdwCleaner[S0].txt - [4493 octets] - [07/01/2014 17:36:26]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4553 octets] ##########



  11. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hi Haynzy

    Download and Run Panda USB Vaccine

    Please download Panda USB Vaccine. There's a link for Australia on the website.

    Panda USB Vaccine disables autorun on your PC to protect you from being infected, but also protects your USB drives from spreading viruses when you use them in another PC.
    Using the tool is a simple matter of installing and then launching it, and clicking the Vaccinate computer button to disable autorun completely on your PC, which prevents malware from spreading to your PC through a flash drive. The interesting feature, however, is the ability to "vaccinate" your flash drive, which essentially just creates a hidden, protected autorun file on the drive so that viruses won't be able to easily infect it.

    Next

    We need to do a fix using OTL

    • Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      
      IE - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\..\SearchScopes\{345B4658-9952-4975-B1EA-4E622BF2F78C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^AU&apn_uid=AB99679A-F003-49BC-A66B-875A98882942&apn_sauid=1C80E440-C89C-4CED-A7E7-3B522771D43C
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-4013523473-2947983006-3160469227-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O32 - AutoRun File - [2011/09/13 07:08:04 | 000,148,320 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ]
      O32 - AutoRun File - [2011/09/13 07:08:04 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
      O33 - MountPoints2\{0aceb106-00b3-11e2-b5bc-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{0aceb106-00b3-11e2-b5bc-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
      O33 - MountPoints2\{0aceb122-00b3-11e2-b5bc-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{0aceb122-00b3-11e2-b5bc-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
      O33 - MountPoints2\{42d3f507-00af-11e2-94eb-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{42d3f507-00af-11e2-94eb-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
      O33 - MountPoints2\{42d3f534-00af-11e2-94eb-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{42d3f534-00af-11e2-94eb-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
      O33 - MountPoints2\{6834c2f1-0781-11e2-b553-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{6834c2f1-0781-11e2-b553-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
      O33 - MountPoints2\{890970ce-66c3-11e3-922a-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{890970ce-66c3-11e3-922a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SISetup.exe
      O33 - MountPoints2\{89097112-66c3-11e3-922a-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{89097112-66c3-11e3-922a-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\SISetup.exe
      O33 - MountPoints2\{8a9654ed-008e-11e2-9817-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{8a9654ed-008e-11e2-9817-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
      O33 - MountPoints2\{8a96550a-008e-11e2-9817-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{8a96550a-008e-11e2-9817-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
      O33 - MountPoints2\{8ca530a6-037c-11e2-b750-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{8ca530a6-037c-11e2-b750-00dbdf0bddfc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
      O33 - MountPoints2\{bc6041cc-cf9f-11e1-9395-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{bc6041cc-cf9f-11e1-9395-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
      O33 - MountPoints2\{bc6041d9-cf9f-11e1-9395-00dbdf0bddfc}\Shell - "" = AutoRun
      O33 - MountPoints2\{bc6041d9-cf9f-11e1-9395-00dbdf0bddfc}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
      
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      
      [resethosts]
      [emptytemp]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    Please post the following logs in your next reply:

    • OTL Fix log located here ---> C:\_OTL\Moved Files
    • OTL.txt after quick scan
    • JRT.txt



    Thanks
    Joe
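
A triage sketch for the O32/O33 lines in the fix script above, added here as an example and not part of the original post or of OTL: it groups MountPoints2 AutoRun commands by target and separates stale registry leftovers from targets that exist on disk. The sample lines are constructed in the page's format, and reading a missing file-details bracket as "target not found" is an assumption based on the matching "not found" lines in the fix log.

```python
import re
from collections import defaultdict

# Constructed sample in the O32/O33 line format shown in the post above.
# GUIDs, drive letters, paths and timestamps are made up for illustration.
SAMPLE_LOG = r'''
O32 - AutoRun File - [2011/09/13 07:08:04 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2014/01/02 10:00:00 | 000,000,060 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{11111111-0000-0000-0000-000000000001}\Shell - "" = AutoRun
O33 - MountPoints2\{11111111-0000-0000-0000-000000000001}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{11111111-0000-0000-0000-000000000002}\Shell - "" = AutoRun
O33 - MountPoints2\{11111111-0000-0000-0000-000000000002}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2011/09/13 07:08:04 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{22222222-0000-0000-0000-000000000001}\Shell - "" = AutoRun
O33 - MountPoints2\{22222222-0000-0000-0000-000000000001}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{33333333-0000-0000-0000-000000000001}\Shell - "" = AutoRun
O33 - MountPoints2\{33333333-0000-0000-0000-000000000001}\Shell\AutoRun\command - "" = G:\launcher.exe -- [2014/01/02 10:00:00 | 000,212,992 | RHS- | M] ()
'''

# Cached per-volume AutoRun command; the trailing "-- [details]" part is optional.
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]{36}\})\\Shell\\AutoRun\\command'
    r' - "" = (?P<cmd>.+?)(?: -- \[(?P<meta>[^\]]*)\].*)?$'
)
# AutoRun file found on a mounted drive, with the drive's filesystem type.
O32_FILE = re.compile(
    r'^O32 - AutoRun File - \[(?P<meta>[^\]]*)\] \(.*?\)'
    r' - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$'
)


def triage(log_text):
    """Group cached AutoRun commands by target and classify each target.

    status values (labels chosen for this example):
      stale            target file was not present at scan time (assumption:
                       no file-details bracket on the O33 line)
      read-only-media  target exists on a CDFS (optical) volume
      review           target exists on a volume not known to be read-only
    """
    volumes_by_target = defaultdict(list)
    present = {}
    fs_by_drive = {}

    for raw in log_text.splitlines():
        line = raw.strip()
        m = O33_CMD.match(line)
        if m:
            target = m.group("cmd").strip()
            volumes_by_target[target].append(m.group("guid").lower())
            present[target] = present.get(target, False) or m.group("meta") is not None
            continue
        m = O32_FILE.match(line)
        if m:
            fs_by_drive[m.group("path")[:2].upper()] = m.group("fs")

    findings = []
    for target in sorted(volumes_by_target):
        fs = fs_by_drive.get(target[:2].upper())
        if not present[target]:
            status = "stale"
        elif fs == "CDFS":
            status = "read-only-media"
        else:
            status = "review"
        findings.append({
            "target": target,
            "volumes": volumes_by_target[target],
            "present": present[target],
            "filesystem": fs,
            "status": status,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["status"]:16} {f["target"]:20} '
              f'fs={f["filesystem"]} volumes={len(f["volumes"])}')
```
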



  13. #7
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6


    Thanks Joe,

    Here are the scan logs you requested.

    Cheers


    OTL Fix Log scan:


    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-4013523473-2947983006-3160469227-1003\Software\Microsoft\Internet Explorer\SearchScopes\{345B4658-9952-4975-B1EA-4E622BF2F78C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{345B4658-9952-4975-B1EA-4E622BF2F78C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-4013523473-2947983006-3160469227-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aceb106-00b3-11e2-b5bc-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0aceb106-00b3-11e2-b5bc-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aceb106-00b3-11e2-b5bc-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0aceb106-00b3-11e2-b5bc-00dbdf0bddfc}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aceb122-00b3-11e2-b5bc-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0aceb122-00b3-11e2-b5bc-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aceb122-00b3-11e2-b5bc-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0aceb122-00b3-11e2-b5bc-00dbdf0bddfc}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42d3f507-00af-11e2-94eb-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42d3f507-00af-11e2-94eb-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42d3f507-00af-11e2-94eb-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42d3f507-00af-11e2-94eb-00dbdf0bddfc}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42d3f534-00af-11e2-94eb-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42d3f534-00af-11e2-94eb-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42d3f534-00af-11e2-94eb-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42d3f534-00af-11e2-94eb-00dbdf0bddfc}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6834c2f1-0781-11e2-b553-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6834c2f1-0781-11e2-b553-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6834c2f1-0781-11e2-b553-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6834c2f1-0781-11e2-b553-00dbdf0bddfc}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{890970ce-66c3-11e3-922a-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890970ce-66c3-11e3-922a-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{890970ce-66c3-11e3-922a-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890970ce-66c3-11e3-922a-806e6f6e6963}\ not found.
    File D:\SISetup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89097112-66c3-11e3-922a-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89097112-66c3-11e3-922a-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89097112-66c3-11e3-922a-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89097112-66c3-11e3-922a-00dbdf0bddfc}\ not found.
    File D:\SISetup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a9654ed-008e-11e2-9817-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a9654ed-008e-11e2-9817-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a9654ed-008e-11e2-9817-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a9654ed-008e-11e2-9817-00dbdf0bddfc}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a96550a-008e-11e2-9817-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96550a-008e-11e2-9817-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a96550a-008e-11e2-9817-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96550a-008e-11e2-9817-00dbdf0bddfc}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ca530a6-037c-11e2-b750-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ca530a6-037c-11e2-b750-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ca530a6-037c-11e2-b750-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ca530a6-037c-11e2-b750-00dbdf0bddfc}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc6041cc-cf9f-11e1-9395-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc6041cc-cf9f-11e1-9395-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc6041cc-cf9f-11e1-9395-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc6041cc-cf9f-11e1-9395-00dbdf0bddfc}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc6041d9-cf9f-11e1-9395-00dbdf0bddfc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc6041d9-cf9f-11e1-9395-00dbdf0bddfc}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc6041d9-cf9f-11e1-9395-00dbdf0bddfc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc6041d9-cf9f-11e1-9395-00dbdf0bddfc}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Staff\Downloads\cmd.bat deleted successfully.
    C:\Users\Staff\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 1907768 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Staff
    ->Temp folder emptied: 4513071984 bytes
    ->Temporary Internet Files folder emptied: 392459985 bytes
    ->Java cache emptied: 43032057 bytes
    ->Google Chrome cache emptied: 51121711 bytes
    ->Flash cache emptied: 8740 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 36754938 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 7798661 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 512 bytes

    Total Files Cleaned = 4,812.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01082014_113717



    OTL Quick scan after the fix:

    OTL logfile created on: 1/8/2014 12:10:27 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Staff\Downloads
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    3.89 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 49.57% Memory free
    7.78 Gb Paging File | 5.49 Gb Available in Paging File | 70.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 118.94 Gb Total Space | 30.60 Gb Free Space | 25.73% Space Free | Partition Type: NTFS
    Drive D: | 33.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 931.51 Gb Total Space | 660.58 Gb Free Space | 70.92% Space Free | Partition Type: NTFS

    Computer Name: TH00DBDF0BDDF9 | User Name: Mike Hayes | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/07 16:21:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Staff\Downloads\OTL.exe
    PRC - [2013/12/18 11:32:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Staff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2013/12/04 13:18:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2013/11/20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2013/11/20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2013/09/16 13:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/09/14 04:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    PRC - [2013/05/11 21:07:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/03/02 10:33:04 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2012/09/17 21:06:31 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Optus Mobile Broadband.exe
    PRC - [2012/09/17 21:06:26 | 000,655,712 | ---- | M] () -- C:\ProgramData\Optus Mobile Broadband\OnlineUpdate\ouc.exe
    PRC - [2011/05/21 01:40:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/05/21 01:40:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/03/15 01:57:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
    PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/01/08 11:45:57 | 001,153,024 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\_ssl.pyd
    MOD - [2014/01/08 11:45:57 | 000,811,008 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\wx._windows_.pyd
    MOD - [2014/01/08 11:45:57 | 000,805,888 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\wx._gdi_.pyd
    MOD - [2014/01/08 11:45:57 | 000,711,680 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\_hashlib.pyd
    MOD - [2014/01/08 11:45:57 | 000,110,080 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\pywintypes27.dll
    MOD - [2014/01/08 11:45:57 | 000,087,040 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\_ctypes.pyd
    MOD - [2014/01/08 11:45:57 | 000,070,656 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\wx._html2.pyd
    MOD - [2014/01/08 11:45:57 | 000,035,840 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32process.pyd
    MOD - [2014/01/08 11:45:57 | 000,026,624 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\_multiprocessing.pyd
    MOD - [2014/01/08 11:45:57 | 000,024,064 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32pipe.pyd
    MOD - [2014/01/08 11:45:56 | 001,175,040 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\wx._core_.pyd
    MOD - [2014/01/08 11:45:56 | 001,062,400 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\wx._controls_.pyd
    MOD - [2014/01/08 11:45:56 | 000,735,232 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\wx._misc_.pyd
    MOD - [2014/01/08 11:45:56 | 000,686,080 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\unicodedata.pyd
    MOD - [2014/01/08 11:45:56 | 000,557,056 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\pysqlite2._sqlite.pyd
    MOD - [2014/01/08 11:45:56 | 000,521,680 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\windows._lib_cacheinvalidation.pyd
    MOD - [2014/01/08 11:45:56 | 000,364,544 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\pythoncom27.dll
    MOD - [2014/01/08 11:45:56 | 000,320,512 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32com.shell.shell.pyd
    MOD - [2014/01/08 11:45:56 | 000,128,512 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\_elementtree.pyd
    MOD - [2014/01/08 11:45:56 | 000,127,488 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\pyexpat.pyd
    MOD - [2014/01/08 11:45:56 | 000,122,368 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\wx._wizard.pyd
    MOD - [2014/01/08 11:45:56 | 000,119,808 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32file.pyd
    MOD - [2014/01/08 11:45:56 | 000,108,544 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32security.pyd
    MOD - [2014/01/08 11:45:56 | 000,098,816 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32api.pyd
    MOD - [2014/01/08 11:45:56 | 000,044,032 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\_socket.pyd
    MOD - [2014/01/08 11:45:56 | 000,038,912 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32inet.pyd
    MOD - [2014/01/08 11:45:56 | 000,025,600 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32pdh.pyd
    MOD - [2014/01/08 11:45:56 | 000,022,528 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32ts.pyd
    MOD - [2014/01/08 11:45:56 | 000,018,432 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32event.pyd
    MOD - [2014/01/08 11:45:56 | 000,017,408 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32profile.pyd
    MOD - [2014/01/08 11:45:56 | 000,011,264 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\win32crypt.pyd
    MOD - [2014/01/08 11:45:56 | 000,010,240 | ---- | M] () -- C:\Users\Staff\AppData\Local\Temp\_MEI38322\select.pyd
    MOD - [2013/12/18 11:31:12 | 003,558,400 | ---- | M] () -- C:\Users\Staff\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2013/12/04 13:18:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
    MOD - [2013/12/04 13:18:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
    MOD - [2013/12/04 13:17:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
    MOD - [2013/12/04 13:17:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
    MOD - [2013/12/04 13:17:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
    MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
    MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
    MOD - [2013/08/24 05:31:44 | 025,100,288 | ---- | M] () -- C:\Users\Staff\AppData\Roaming\Dropbox\bin\libcef.dll
    MOD - [2012/09/17 21:06:31 | 000,514,048 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Optus Mobile Broadband.exe
    MOD - [2012/09/17 21:06:28 | 009,515,520 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\QtGui4.dll
    MOD - [2012/09/17 21:06:28 | 002,415,104 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\QtCore4.dll
    MOD - [2012/09/17 21:06:28 | 001,148,416 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\QtNetwork4.dll
    MOD - [2012/09/17 21:06:28 | 000,827,904 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\SMSUIPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,670,720 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\SmsAppPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,545,280 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\PluginContainer.dll
    MOD - [2012/09/17 21:06:28 | 000,398,336 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\QtXml4.dll
    MOD - [2012/09/17 21:06:28 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Proxy.dll
    MOD - [2012/09/17 21:06:28 | 000,370,176 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\plugins\imageformats\qtiff4.dll
    MOD - [2012/09/17 21:06:28 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\plugins\imageformats\qmng4.dll
    MOD - [2012/09/17 21:06:28 | 000,309,760 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\StatusBarMgrPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NetInfoSrvPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\sdk.dll
    MOD - [2012/09/17 21:06:28 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NetSrvPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,217,600 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\SmsSrvPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,212,480 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\ToolBarMgrPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\plugins\imageformats\qjpeg4.dll
    MOD - [2012/09/17 21:06:28 | 000,184,832 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\XFramePlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,160,256 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\XCodec.dll
    MOD - [2012/09/17 21:06:28 | 000,156,672 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\STKSrvPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\USSDSrvPlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Trace.dll
    MOD - [2012/09/17 21:06:28 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\OSDialup.dll
    MOD - [2012/09/17 21:06:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\OSNDIS.dll
    MOD - [2012/09/17 21:06:28 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Win7Support.dll
    MOD - [2012/09/17 21:06:28 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\OSAdapt.dll
    MOD - [2012/09/17 21:06:28 | 000,093,184 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NotifyServicePlugin.dll
    MOD - [2012/09/17 21:06:28 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\plugins\imageformats\qgif4.dll
    MOD - [2012/09/17 21:06:28 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\plugins\imageformats\qico4.dll
    MOD - [2012/09/17 21:06:28 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\OSPowerMgr.dll
    MOD - [2012/09/17 21:06:28 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\OSCall.dll
    MOD - [2012/09/17 21:06:27 | 001,101,824 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NDISAPI.dll
    MOD - [2012/09/17 21:06:27 | 000,693,760 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\LiveUpdateInterface.dll
    MOD - [2012/09/17 21:06:27 | 000,539,648 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DeviceMgrUIPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,484,352 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DialupUIPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\core.dll
    MOD - [2012/09/17 21:06:27 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DeviceAppPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NetConnectPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,304,128 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DeviceSrvPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,295,424 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\MenuMgrPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,211,968 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DialUpPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,180,736 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NDISPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,158,720 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\NetConnectSrvPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,157,184 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\DataServicePlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\LayoutPlugin.dll
    MOD - [2012/09/17 21:06:27 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\libgcc_s_dw2-1.dll
    MOD - [2012/09/17 21:06:27 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\mingwm10.dll
    MOD - [2012/09/17 21:06:26 | 001,078,272 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\AddrBookPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,771,584 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\AddrBookUIPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,547,840 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\CallLogSrvPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,264,704 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\AddrBookSrvPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\AtCodec.dll
    MOD - [2012/09/17 21:06:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\Common.dll
    MOD - [2012/09/17 21:06:26 | 000,182,272 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\CallAppPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\CallSrvPlugin.dll
    MOD - [2012/09/17 21:06:26 | 000,123,392 | ---- | M] () -- C:\Program Files (x86)\Optus Mobile Broadband\ATR2SMgr.dll
    MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    MOD - [2012/07/16 15:04:00 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
    MOD - [2012/07/16 15:04:00 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
    MOD - [2012/07/16 14:26:20 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/07/16 14:26:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/07/16 14:25:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/07/16 14:25:42 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/07/16 14:25:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/07/16 14:25:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/07/16 14:25:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/07/16 14:25:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/07/16 14:25:15 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/05/30 21:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 21:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/17 16:41:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/10/21 08:15:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/05/08 09:07:15 | 000,143,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2012/12/09 19:50:29 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
    SRV:64bit: - [2012/02/26 06:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
    SRV:64bit: - [2012/02/26 06:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2012/02/26 06:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2012/02/26 06:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2012/01/17 17:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
    SRV:64bit: - [2012/01/09 13:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/05/18 14:31:14 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
    SRV:64bit: - [2010/11/12 06:06:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2010/11/12 06:06:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/14 12:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 12:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/12/16 21:55:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/09/16 13:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/11 21:07:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/17 21:06:26 | 000,655,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Optus Mobile Broadband\UpdateDog\ouc.exe -- (Optus Mobile Broadband. RunOuc)
    SRV - [2011/05/21 01:40:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/03/15 01:57:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
    SRV - [2010/02/20 06:07:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/11 07:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/19 00:52:08 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/09/17 21:06:29 | 000,417,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
    DRV:64bit: - [2012/09/17 21:06:29 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV:64bit: - [2012/09/17 21:06:29 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2012/09/17 21:06:29 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
    DRV:64bit: - [2012/09/17 21:06:28 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/06/25 14:53:22 | 000,079,360 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
    DRV:64bit: - [2012/05/04 18:58:52 | 000,125,440 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cyhid.sys -- (cyhid)
    DRV:64bit: - [2012/05/04 17:55:46 | 000,088,576 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cymfltr.sys -- (cymfltrService)
    DRV:64bit: - [2012/05/04 17:54:56 | 000,014,336 | ---- | M] (Cypress Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cykbfltr.sys -- (cykbfltrService)
    DRV:64bit: - [2012/03/26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2012/03/02 18:37:58 | 000,221,184 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV:64bit: - [2012/03/02 18:37:58 | 000,065,536 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV:64bit: - [2012/03/01 17:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/20 13:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
    DRV:64bit: - [2012/01/09 13:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2012/01/09 13:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/07/23 02:56:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/19 15:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/07/13 08:25:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/04/05 00:55:18 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
    DRV:64bit: - [2011/02/26 02:42:04 | 002,793,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athwx.sys -- (AR5416)
    DRV:64bit: - [2010/11/20 22:03:58 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010/11/20 22:03:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:02:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 22:02:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 19:37:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010/11/20 19:37:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 19:37:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/20 19:33:44 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2010/11/20 19:33:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 19:13:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010/11/20 18:27:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/12 16:53:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/10/25 12:55:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2010/10/15 18:58:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/15 05:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/09/15 05:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/09/09 04:35:34 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/02/27 08:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/11 02:58:26 | 000,129,536 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silvrlnk.sys -- (SilvrLnk)
    DRV:64bit: - [2009/09/04 09:00:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
    DRV:64bit: - [2009/08/14 03:50:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/14 12:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 12:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 12:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 10:30:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/07/09 19:30:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/11 07:05:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/11 07:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 07:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 07:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 07:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/26 11:31:18 | 000,187,392 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPZid412.sys -- (HPZid412)
    DRV:64bit: - [2009/02/26 11:31:18 | 000,050,688 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HPZius12.sys -- (HPZius12)
    DRV:64bit: - [2009/02/26 11:28:58 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
    DRV:64bit: - [2009/02/26 11:28:58 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPEWSFXBULK)
    DRV:64bit: - [2008/07/04 16:19:26 | 000,252,928 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTwindrvr6.sys -- (VSTWinDriver6)
    DRV:64bit: - [2007/11/27 09:52:48 | 000,087,552 | ---- | M] (u-blox AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ubloxusb.sys -- (ubloxusb)
    DRV:64bit: - [2007/03/01 13:42:16 | 000,103,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabser.sys -- (slabser)
    DRV:64bit: - [2007/03/01 13:42:16 | 000,079,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabbus.sys -- (slabbus)
    DRV - [2009/07/14 11:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2004/02/05 03:57:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\tiehdusb.sys -- (TIEHDUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 172.27.143.10;172.27.143.11
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://10.60.184.52/wpad.dat


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files\eMusic Download Manager 6\npEMusic603.dll (eMusic.com)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/01/10 09:24:05 | 000,000,000 | ---D | M]

    [2013/04/18 14:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Staff\AppData\Roaming\mozilla\Firefox\Profiles\extensions
    [2014/01/07 17:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Staff\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
    [2013/04/12 02:24:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\Staff\AppData\Roaming\mozilla\firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi
    [2012/10/31 18:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - Extension: Google Docs = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
    CHR - Extension: YouTube = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Wallet = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
    CHR - Extension: Gmail = C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2014/01/08 11:37:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe (Cypress Semiconductor Corporation)
    O4:64bit: - HKLM..\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe (Cypress Semiconductor, Inc.)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - Startup: C:\Users\Staff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Staff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Staff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
    O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
    O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
    O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
    O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
    O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
    O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
    O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B920105-4E06-408F-A124-071952E54DCD}: NameServer = 198.142.0.51 61.88.88.88
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FDA443A-C14B-4E37-A6C8-59E95B20AAA9}: DhcpNameServer = 198.142.0.51 61.88.88.88
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C00FE9B-F40D-4121-BA32-4F86B292B10B}: DhcpNameServer = 198.142.0.51 211.29.132.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2FC7923-46FB-4495-B7D4-0591AA7B8F8C}: DhcpNameServer = 10.60.184.46
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/09/13 07:08:04 | 000,148,320 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2011/09/13 07:08:04 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/08 11:37:17 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/01/08 11:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
    [2014/01/08 11:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
    [2014/01/08 11:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
    [2014/01/07 18:41:58 | 000,000,000 | ---D | C] -- C:\Users\Staff\AppData\Local\Diagnostics
    [2014/01/07 16:57:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/17 13:07:32 | 000,020,480 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\mvusbews.sys
    [2013/12/17 13:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2013/12/12 10:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [1 C:\Users\Staff\Documents\*.tmp files -> C:\Users\Staff\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/01/08 12:05:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/08 11:58:17 | 000,012,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/08 11:58:17 | 000,012,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/08 11:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/08 11:51:54 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/01/08 11:51:54 | 000,621,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/01/08 11:51:54 | 000,108,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/01/08 11:46:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/08 11:45:37 | 3132,096,512 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/08 11:37:37 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2014/01/08 11:37:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/20 11:18:32 | 000,001,063 | ---- | M] () -- C:\Users\Staff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/12/20 11:18:25 | 000,001,031 | ---- | M] () -- C:\Users\Staff\Desktop\Dropbox.lnk
    [2013/12/17 13:11:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_mvusbews_01007.Wdf
    [1 C:\Users\Staff\Documents\*.tmp files -> C:\Users\Staff\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/12/17 13:11:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_mvusbews_01007.Wdf
    [2013/12/17 13:07:34 | 000,350,720 | ---- | C] () -- C:\Windows\SysNative\mvhlewsi.dll
    [2013/12/17 13:07:30 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\mvusbews.dll
    [2013/02/15 10:14:13 | 000,009,216 | ---- | C] () -- C:\Users\Staff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/12/26 12:05:24 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\ChilkatCsv.dll
    [2012/10/31 19:24:44 | 000,000,033 | ---- | C] () -- C:\Windows\SysWow64\mnprxpd2f.bin
    [2012/08/23 23:25:58 | 000,989,150 | ---- | C] () -- C:\Users\Staff\.DLMSave_back.xml
    [2012/08/23 23:25:58 | 000,989,150 | ---- | C] () -- C:\Users\Staff\.DLMSave.xml
    [2012/08/23 23:25:30 | 000,001,215 | ---- | C] () -- C:\Users\Staff\.Setting.ini
    [2012/07/04 15:27:38 | 000,000,000 | ---- | C] () -- C:\Users\Staff\AppData\Local\{B59DBF25-D776-4FF3-B152-0001C1B9D567}
    [2012/07/04 15:26:39 | 000,000,000 | ---- | C] () -- C:\Users\Staff\AppData\Local\{31945AC8-87FF-4BD1-BEE7-B82656AB8BB9}
    [2012/06/28 16:32:45 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/28 11:23:30 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/06/28 11:23:24 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/06/28 11:23:14 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2012/01/11 01:34:27 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
    [2012/01/11 01:34:20 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3118.dll
    [2012/01/10 10:22:38 | 000,000,031 | ---- | C] () -- C:\Windows\FXE400.INI
    [2012/01/10 10:17:57 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/01/10 10:17:55 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/01/10 10:17:55 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/01/10 10:17:55 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/01/10 09:26:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/01/10 09:26:29 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2012/01/10 09:26:18 | 000,105,600 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2012/01/10 09:26:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/01/10 09:26:10 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2012/01/10 07:54:54 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 15:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 16:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:49:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/12/08 20:53:30 | 000,000,000 | ---D | M] -- C:\Users\Staff\AppData\Roaming\CoSoSys
    [2014/01/08 11:46:38 | 000,000,000 | ---D | M] -- C:\Users\Staff\AppData\Roaming\Dropbox
    [2013/02/05 19:23:00 | 000,000,000 | ---D | M] -- C:\Users\Staff\AppData\Roaming\EPSON
    [2012/12/26 10:58:04 | 000,000,000 | ---D | M] -- C:\Users\Staff\AppData\Roaming\Garmin
    [2013/01/18 08:24:16 | 000,000,000 | ---D | M] -- C:\Users\Staff\AppData\Roaming\gsak
    [2013/11/26 11:25:08 | 000,000,000 | ---D | M] -- C:\Users\Staff\AppData\Roaming\ImgBurn
    [2013/01/23 11:09:47 | 000,000,000 | ---D | M] -- C:\Users\Staff\AppData\Roaming\Leadertech
    [2012/08/05 22:10:55 | 000,000,000 | ---D | M] -- C:\Users\Staff\AppData\Roaming\SecondLife
    [2012/07/20 01:13:45 | 000,000,000 | ---D | M] -- C:\Users\Staff\AppData\Roaming\SMART Technologies
    [2012/07/19 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\Staff\AppData\Roaming\SMART Technologies Inc

    ========== Purity Check ==========



    < End of report >


    JRT scan log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.9 (01.01.2014:1)
    OS: Windows 7 Enterprise x64
    Ran by Mike Hayes on Wed 08/01/2014 at 12:26:48.17
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 08/01/2014 at 12:33:07.32
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Thanks



  15. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hello Haynzy,

    How is everything now?



  17. #9
    Member
    Join Date
    Sep 2006
    Posts
    68
    Points
    6


    Hi Joe,

    It all looks good thanks.

    The folders are back to normal.

    Is there anything on the portable hard drive that I need to get rid of or would that be dealt with by the Panda USB Vaccine?

    Cheers



  19. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hello Haynzy,

    No. Panda would have taken care of everything.

    Let's double-check the computer by running an online scan.

    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

    Note: If you are using Windows Vista, Windows 7, or 8, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.

    • Please go >>HERE<< then click on:

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      1. Scan for potentially unwanted applications
      2. Scan for potentially unsafe applications
      3. Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed, the Online Scan will begin automatically.
    • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
    • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt
    • Copy and paste that log as a reply to this topic.
    • Now click on:
      (Selecting Uninstall application on close if you so wish)


    In your next reply please post the

    • ESET Scanner Log


    Thanks
    Joe
