PDA

View Full Version : Google Search Redirect



Cat2nd
2012-01-05, 17:18
Annoying redirection happening after a google link is clicked.

Any insight is greatly appreciated!



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Chris at 10:51:24 on 2012-01-05
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6142.4362 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DCPFLICS\dcpflics.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files (x86)\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 68.237.161.12 71.250.0.12
TCP: Interfaces\{A6E98B69-7A6F-48E3-AED0-98250C33FEED} : NameServer = 192.168.201.200,68.237.161.12
TCP: Interfaces\{A6E98B69-7A6F-48E3-AED0-98250C33FEED} : DhcpNameServer = 68.237.161.12 71.250.0.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
LSA: Authentication Packages = msv1_0 wvauth
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun-x64: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\47o0whze.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2012-1-4 48888]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-8-24 517488]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-2 652872]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2012-1-4 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-1-4 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-1-4 955816]
R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-4-27 316992]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS --> C:\Windows\system32\DRIVERS\SNTUSB64.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-25 136176]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-1-4 169624]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-4-12 1030600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-25 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-04 17:12:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-01-04 17:11:31 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-01-04 17:11:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-01-03 20:46:45 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-03 20:10:08 -------- d-----w- C:\ProgramData\xml_param
2012-01-03 20:08:55 158720 ----a-w- C:\Windows\SysWow64\WS_VideoConverterContextMenu.dll
2012-01-03 20:08:52 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2012-01-03 20:08:52 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2012-01-03 20:08:52 496640 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-01-03 20:08:51 -------- d-----w- C:\Program Files (x86)\Wondershare
2012-01-03 20:04:54 -------- d-----w- C:\OutputFolder
2012-01-03 20:04:46 -------- d-----w- C:\Program Files (x86)\Digiarty
2012-01-03 19:39:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\SorensonMedia
2012-01-03 15:58:55 -------- d-----we C:\Windows\system64
2011-12-28 22:08:45 -------- d-----w- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
2011-12-23 14:49:18 -------- d-----w- C:\Program Files (x86)\SWFObject 2 generator v1.2 AIR
2011-12-21 19:14:46 -------- d-----r- C:\Program Files (x86)\Skype
2011-12-19 16:40:37 -------- d-----r- C:\Users\Chris\Virtual Machines
2011-12-19 16:33:16 793600 ----a-w- C:\Windows\SysWow64\vmsal.exe
2011-12-19 16:31:42 -------- d-----w- C:\Program Files\Windows XP Mode
2011-12-19 15:55:39 -------- d-----w- C:\Users\Chris\AppData\Local\Google
2011-12-15 14:40:32 142120 ----a-w- C:\Windows\System32\drivers\sentinel64.sys
2011-12-15 14:40:23 -------- d-----w- C:\Program Files (x86)\SafeNet Sentinel
2011-12-15 14:40:22 -------- d-----w- C:\Program Files (x86)\Common Files\SafeNet Sentinel
2011-12-15 14:39:02 -------- d-----w- C:\Program Files\NewTek
2011-12-14 15:18:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-12-14 15:18:42 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2011-12-12 20:35:31 -------- d-----w- C:\Program Files\WAKiosk
2011-12-12 15:46:51 -------- d-----w- C:\Users\Chris\AppData\Roaming\DisplayFusion
2011-12-12 15:46:18 -------- d-----w- C:\Program Files (x86)\DisplayFusion
2011-12-12 14:16:55 -------- d-----w- C:\Users\Chris\AppData\Roaming\Autodesk
2011-12-12 14:16:47 -------- d-----w- C:\Users\Chris\AppData\Local\Autodesk
2011-12-09 19:28:45 -------- d-----w- C:\Users\Chris\AppData\Roaming\OpenOffice.org
2011-12-09 16:53:49 -------- d-----w- C:\Users\Chris\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-09 16:51:52 -------- d-----w- C:\Users\Chris\AppData\Local\Apple Computer
2011-12-08 15:44:48 -------- d-----w- C:\Program Files (x86)\AutoHotkey
2011-12-08 15:14:56 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2011-12-08 15:14:53 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-08 15:14:50 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-08 15:14:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-08 14:36:25 -------- d-----w- C:\Users\Chris\AppData\Local\Thunderbird
2011-12-08 14:32:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\.purple
2011-12-08 14:32:05 -------- d-----w- C:\Users\Chris\AppData\Local\Mozilla
2011-12-08 14:08:40 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE5EAF31-CEB5-410A-A7AF-F685506B5BB9}\offreg.dll
2011-12-08 13:58:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\Wave Systems Corp
2011-12-08 13:58:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\Broadcom
2011-12-08 13:58:18 -------- d-----w- C:\Users\Chris\AppData\Local\ATI
2011-12-08 13:58:18 -------- d-----w- C:\Users\Chris\AppData\Local\Adobe
2011-12-07 20:05:38 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-12-07 20:05:38 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-12-07 18:11:37 8822856 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE5EAF31-CEB5-410A-A7AF-F685506B5BB9}\mpengine.dll
.
==================== Find3M ====================
.
2011-10-18 13:34:27 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2008-01-31 15:42:14 454656 ----a-w- C:\Program Files (x86)\putty.exe
.
============= FINISH: 10:53:04.91 ===============

Sorry, here's attach.txt as well (wasn't sure if I needed to post this or not)

ken545
2012-01-10, 22:36
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR


Your infected with the ZeroAccess Rootkit :sad:

Before we run a fix I want to see a scan from aswMBR please

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

Cat2nd
2012-01-11, 15:32
Thanks so much for your reply! Your help is greatly appreciated :)

I should mention that I did update windows since my last post (just a bunch of miscellaneous auto-update stuff, incase it matters).

Here's the aswMBR log:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-11 08:59:07
-----------------------------
08:59:07.339 OS Version: Windows x64 6.1.7600
08:59:07.339 Number of processors: 8 586 0x2C02
08:59:07.340 ComputerName: BALARAM UserName: Chris
08:59:08.231 Initialize success
08:59:32.806 AVAST engine defs: 12011100
08:59:58.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:59:58.025 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 8
08:59:58.051 Disk 0 MBR read successfully
08:59:58.055 Disk 0 MBR scan
08:59:58.061 Disk 0 Windows VISTA default MBR code
08:59:58.065 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:59:58.100 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 750 MB offset 81920
08:59:58.115 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 304454 MB offset 1617920
08:59:58.123 Service scanning
08:59:59.902 Modules scanning
08:59:59.910 Disk 0 trace - called modules:
08:59:59.934 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
08:59:59.942 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006d33060]
08:59:59.950 3 CLASSPNP.SYS[fffff8800196443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005bd4050]
09:00:02.946 AVAST engine scan C:\Windows
09:00:05.003 AVAST engine scan C:\Windows\system32
09:00:15.195 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
09:01:31.496 AVAST engine scan C:\Windows\system32\drivers
09:01:40.828 AVAST engine scan C:\Users\Chris
09:20:29.783 AVAST engine scan C:\ProgramData
09:21:02.320 Scan finished successfully
09:26:16.859 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
09:26:16.865 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

ken545
2012-01-11, 18:07
Lets go ahead and run Combofix, it will clean this infection

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Cat2nd
2012-01-11, 21:38
Holy smokes that took a while!

I broke down and opened Flash at some point during the log writing process (had some work that can't wait).

Here are the results:

ComboFix 12-01-10.02 - Chris 01/11/2012 13:33:11.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6142.2355 [GMT -5:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\system32\java.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 18:53 . 2012-01-11 18:53 -------- d-----w- c:\users\John\AppData\Local\temp
2012-01-11 18:53 . 2012-01-11 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-09 14:46 . 2012-01-09 14:46 -------- d-----w- c:\windows\SysWow64\Adobe
2012-01-05 16:36 . 2012-01-05 16:36 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Help
2012-01-04 17:12 . 2012-01-11 19:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-04 17:11 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-01-04 17:11 . 2012-01-04 17:11 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-01-03 20:46 . 2012-01-03 20:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-03 20:10 . 2012-01-04 15:01 -------- d-----w- c:\programdata\xml_param
2012-01-03 20:08 . 2011-01-13 21:06 158720 ----a-w- c:\windows\SysWow64\WS_VideoConverterContextMenu.dll
2012-01-03 20:08 . 2011-01-13 21:06 892928 ----a-w- c:\windows\SysWow64\iconv.dll
2012-01-03 20:08 . 2011-01-13 21:06 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax
2012-01-03 20:08 . 2011-01-13 21:06 496640 ----a-w- c:\windows\SysWow64\xvid.ax
2012-01-03 20:08 . 2012-01-03 20:08 -------- d-----w- c:\program files (x86)\Wondershare
2012-01-03 20:04 . 2012-01-03 20:04 -------- d-----w- C:\OutputFolder
2012-01-03 20:04 . 2012-01-03 20:04 -------- d-----w- c:\program files (x86)\Digiarty
2012-01-03 19:39 . 2012-01-03 19:39 -------- d-----w- c:\users\Chris\AppData\Roaming\SorensonMedia
2011-12-29 19:09 . 2011-12-29 19:09 -------- d-----w- c:\windows\system32\Macromed
2011-12-28 22:08 . 2011-12-28 22:08 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
2011-12-23 14:49 . 2011-12-23 14:49 -------- d-----w- c:\program files (x86)\SWFObject 2 generator v1.2 AIR
2011-12-21 19:16 . 2012-01-11 19:04 -------- d-----w- c:\users\Chris\AppData\Roaming\Skype
2011-12-21 19:14 . 2011-12-21 19:15 -------- d-----r- c:\program files (x86)\Skype
2011-12-21 19:14 . 2011-12-21 19:14 -------- d-----w- c:\programdata\Skype
2011-12-19 16:40 . 2012-01-02 16:53 -------- d-----r- c:\users\Chris\Virtual Machines
2011-12-19 16:33 . 2009-09-23 01:51 13312 ----a-w- c:\windows\system32\drivers\en-US\vpcvmm.sys.mui
2011-12-19 16:31 . 2011-12-19 16:31 -------- d-----w- c:\program files\Windows XP Mode
2011-12-19 15:55 . 2011-12-19 15:55 -------- d-----w- c:\users\Chris\AppData\Local\Google
2011-12-15 14:40 . 2007-04-27 12:40 142120 ----a-w- c:\windows\system32\drivers\sentinel64.sys
2011-12-15 14:40 . 2011-12-15 14:40 -------- d-----w- c:\program files (x86)\SafeNet Sentinel
2011-12-15 14:40 . 2011-12-15 14:40 -------- d-----w- c:\program files (x86)\Common Files\SafeNet Sentinel
2011-12-15 14:39 . 2011-12-15 14:39 -------- d-----w- c:\program files\NewTek
2011-12-14 15:18 . 2011-12-14 15:18 -------- d-----w- c:\users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-12-14 15:18 . 2011-12-14 15:18 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2011-12-13 14:44 . 2012-01-10 16:36 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc
2011-12-12 20:35 . 2011-12-12 20:36 -------- d-----w- c:\program files\WAKiosk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-12-08 15:14 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 14:08 . 2011-12-08 14:08 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE5EAF31-CEB5-410A-A7AF-F685506B5BB9}\offreg.dll
2011-11-21 11:40 . 2011-12-07 18:11 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE5EAF31-CEB5-410A-A7AF-F685506B5BB9}\mpengine.dll
2011-11-21 11:40 . 2011-03-31 16:02 8822856 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-18 13:34 . 2011-03-23 09:31 627600 ----a-w- c:\windows\system32\deployJava1.dll
2008-01-31 15:42 . 2011-03-31 18:00 454656 ----a-w- c:\program files (x86)\putty.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-10-03 2456992]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-28 98304]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-10-05 3025304]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1549680]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 136176]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-12 1030600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 517488]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-01-04 20:46]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 14:09]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-25 14:09]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3917206373-2216033436-1527564269-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-31 15:46]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3917206373-2216033436-1527564269-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-31 15:46]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3917206373-2216033436-1527564269-1001Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 15:55]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3917206373-2216033436-1527564269-1001UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 15:55]
.
2012-01-11 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-01-04 20:46]
.
2012-01-11 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2012-01-04 20:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 18:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"combofix"="c:\combofix\CF16053.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.237.161.12 71.250.0.12
TCP: Interfaces\{A6E98B69-7A6F-48E3-AED0-98250C33FEED}: NameServer = 192.168.201.200,68.237.161.12
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\47o0whze.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - c:\program files (x86)\Astroburn Toolbar\ABToolbar64.dll
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-ATIModeChange - Ati2mdxx.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe
c:\progra~2\Adobe\ADOBEF~1.5\Flash.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
.
**************************************************************************
.
Completion time: 2012-01-11 15:30:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-11 20:30
.
Pre-Run: 189,234,851,840 bytes free
Post-Run: 205,197,762,560 bytes free
.
- - End Of File - - C9EE616EB9939F0F5719D4EF6EBB92DB

ken545
2012-01-11, 22:49
Hi,

Things running any better ? Combofix logs take a bit of time to go over , while I am doing that, you have Malwarebytes installed, open it, check for updates and run the quick scan and post the log please

Cat2nd
2012-01-12, 15:03
Yeah! No redirects thus far :)

Here's the log:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: BALARAM [administrator]

Protection: Enabled

1/12/2012 8:54:14 AM
mbam-log-2012-01-12 (08-54-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197285
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ken545
2012-01-12, 16:29
Great

Lets take a deeper look

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Cat2nd
2012-01-12, 23:13
OTL.txt:
- - - - - - - - - -
OTL logfile created on: 1/12/2012 5:02:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.99 Gb Available Physical Memory | 83.14% Memory free
11.99 Gb Paging File | 10.27 Gb Available in Paging File | 85.63% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.32 Gb Total Space | 190.64 Gb Free Space | 64.12% Space Free | Partition Type: NTFS
Drive G: | 28.83 Gb Total Space | 27.34 Gb Free Space | 94.85% Space Free | Partition Type: FAT32

Computer Name: BALARAM | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe ()


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV:64bit: - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV:64bit: - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (mi-raysat_3dsmax2010_64) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SDHookService) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
SRV - (SDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (DCPFLICS) -- C:\Program Files (x86)\DCPFLICS\DCPFLICS.exe ()
SRV - (SentinelProtectionServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SentinelKeysServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (SNTUSB64) -- C:\Windows\SysNative\drivers\SNTUSB64.SYS (SafeNet, Inc.)
DRV - (SDHookDriver) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3917206373-2216033436-1527564269-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-3917206373-2216033436-1527564269-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox Old\components [2011/11/28 13:19:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox Old\plugins [2011/11/28 13:19:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/07 15:05:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/20 14:25:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/12/08 09:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2012/01/09 09:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\47o0whze.default\extensions
[2011/12/08 10:34:41 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\47o0whze.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/12/21 14:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/21 14:15:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/22 08:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\47O0WHZE.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\47O0WHZE.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/12/07 15:05:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/07 15:05:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/07 15:05:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Spybot - Search & Destroy = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Skype Click to Call = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/01/12 10:30:48 | 000,435,628 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15020 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3917206373-2216033436-1527564269-1001..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3917206373-2216033436-1527564269-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3917206373-2216033436-1527564269-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3917206373-2216033436-1527564269-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.237.161.12 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6E98B69-7A6F-48E3-AED0-98250C33FEED}: DhcpNameServer = 68.237.161.12 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6E98B69-7A6F-48E3-AED0-98250C33FEED}: NameServer = 192.168.201.200,68.237.161.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/11 14:04:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
[2012/01/11 13:29:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/11 13:29:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/11 13:29:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/11 13:28:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/11 13:25:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/09 13:37:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Crane Animation
[2012/01/09 09:46:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/01/06 14:19:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\flash tests
[2012/01/06 12:00:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\SphericalPano
[2012/01/06 10:09:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\.settings
[2012/01/05 11:36:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft Help
[2012/01/04 14:44:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\2011 12 12 Palisades Scans
[2012/01/04 12:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/04 12:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/01/04 12:11:31 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/01/04 12:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/01/03 15:46:45 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/03 15:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2012/01/03 15:09:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Wondershare Video Converter Platinum
[2012/01/03 15:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012/01/03 15:08:52 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2012/01/03 15:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012/01/03 15:04:54 | 000,000,000 | ---D | C] -- C:\OutputFolder
[2012/01/03 15:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2012/01/03 15:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty
[2012/01/03 14:39:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SorensonMedia
[2011/12/29 14:09:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/12/28 17:08:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2011/12/23 09:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SWFObject 2 generator v1.2 AIR
[2011/12/21 15:46:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\ObstacleGame
[2011/12/21 14:16:01 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Skype
[2011/12/21 14:14:46 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/12/21 14:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/21 14:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/12/19 11:40:37 | 000,000,000 | R--D | C] -- C:\Users\Chris\Virtual Machines
[2011/12/19 11:36:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2011/12/19 11:36:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2011/12/19 11:33:16 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vmsal.exe
[2011/12/19 11:33:16 | 000,066,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys
[2011/12/19 11:33:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcvmm.sys.mui
[2011/12/19 11:33:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpchbus.sys.mui
[2011/12/19 11:33:16 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpchbus.sys.mui
[2011/12/19 11:33:16 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpchbus.sys.mui
[2011/12/19 11:33:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcnfltr.sys.mui
[2011/12/19 11:33:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 002,262,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCWizard.exe
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcnfltr.sys.mui
[2011/12/19 11:33:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcnfltr.sys.mui
[2011/12/19 11:33:14 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCSettings.exe
[2011/12/19 11:33:14 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMCPropertyHandler.dll
[2011/12/19 11:33:14 | 000,359,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys
[2011/12/19 11:33:14 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys
[2011/12/19 11:33:14 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys
[2011/12/19 11:33:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll
[2011/12/19 11:33:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpchbus.sys.mui
[2011/12/19 11:33:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcuxd.sys.mui
[2011/12/19 11:33:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcuxd.sys.mui
[2011/12/19 11:33:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcusb.sys.mui
[2011/12/19 11:33:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcuxd.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vpcusb.sys.mui
[2011/12/19 11:33:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcusb.sys.mui
[2011/12/19 11:33:10 | 004,513,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpc.exe
[2011/12/19 11:33:10 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMWindow.exe
[2011/12/19 11:33:10 | 000,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmsal.exe
[2011/12/19 11:33:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcuxd.sys.mui
[2011/12/19 11:33:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcuxd.sys.mui
[2011/12/19 11:33:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcuxd.sys.mui
[2011/12/19 11:33:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcuxd.sys.mui
[2011/12/19 11:33:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcusb.sys.mui
[2011/12/19 11:33:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcusb.sys.mui
[2011/12/19 11:33:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcusb.sys.mui
[2011/12/19 11:33:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcusb.sys.mui
[2011/12/19 11:33:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcuxd.sys.mui
[2011/12/19 11:33:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcuxd.sys.mui
[2011/12/19 11:33:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcusb.sys.mui
[2011/12/19 11:33:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcusb.sys.mui
[2011/12/19 11:33:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcusb.sys.mui
[2011/12/19 11:33:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcusb.sys.mui
[2011/12/19 11:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2011/12/19 10:55:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/19 10:55:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/12/15 09:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newtek
[2011/12/15 09:40:32 | 000,142,120 | ---- | C] (SafeNet, Inc.) -- C:\Windows\SysNative\drivers\sentinel64.sys
[2011/12/15 09:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SafeNet Sentinel
[2011/12/15 09:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel
[2011/12/15 09:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\NewTek
[2011/12/15 09:27:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\062 Patent - Revisions
[2011/12/14 10:53:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\TacoLulz
[2011/12/14 10:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/12/14 10:19:13 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Adobe Flash Professional CS5.5
[2011/12/14 10:18:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/14 10:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2011/03/31 13:00:31 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Program Files (x86)\putty.exe

Cat2nd
2012-01-12, 23:14
cont:

========== Files - Modified Within 30 Days ==========

[2012/01/12 17:00:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3917206373-2216033436-1527564269-1001UA.job
[2012/01/12 16:29:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 16:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3917206373-2216033436-1527564269-1000UA.job
[2012/01/12 11:00:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3917206373-2216033436-1527564269-1001Core.job
[2012/01/12 10:30:49 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/01/12 10:30:48 | 000,435,628 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/12 04:29:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/11 19:16:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3917206373-2216033436-1527564269-1000Core.job
[2012/01/11 14:05:08 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 14:05:08 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 14:05:04 | 000,781,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/11 14:05:04 | 000,663,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/11 14:05:04 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/11 14:02:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120112-103048.backup
[2012/01/11 14:00:25 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/01/11 13:57:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 13:57:05 | 534,945,791 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/11 13:23:24 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/01/11 09:26:16 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/01/10 16:44:57 | 000,001,456 | ---- | M] () -- C:\Users\Chris\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/01/10 13:43:42 | 000,353,107 | ---- | M] () -- C:\Users\Chris\Desktop\video-player-comp.jpg
[2012/01/09 16:09:45 | 000,002,828 | ---- | M] () -- C:\Users\Chris\Desktop\Target_logo.svg
[2012/01/09 09:01:05 | 000,002,365 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2012/01/09 08:43:08 | 005,233,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/06 15:06:29 | 000,000,829 | ---- | M] () -- C:\Users\Chris\Desktop\.actionScriptProperties
[2012/01/06 15:06:29 | 000,000,478 | ---- | M] () -- C:\Users\Chris\Desktop\.project
[2012/01/06 11:59:49 | 003,063,574 | ---- | M] () -- C:\Users\Chris\Desktop\sequencer comp2.psd
[2012/01/06 11:59:20 | 003,183,338 | ---- | M] () -- C:\Users\Chris\Desktop\SphericalPano.zip
[2012/01/06 11:40:58 | 000,070,269 | ---- | M] () -- C:\Users\Chris\Desktop\dimensions test2.swf
[2012/01/06 11:39:48 | 000,099,398 | ---- | M] () -- C:\Users\Chris\Desktop\dimensions test2.apk
[2012/01/06 11:37:08 | 001,055,197 | ---- | M] () -- C:\Users\Chris\Desktop\dimensions test2.fla
[2012/01/06 10:54:10 | 000,128,451 | ---- | M] () -- C:\Users\Chris\Desktop\sequencer-comp_mobile2.png
[2012/01/06 10:24:39 | 000,003,529 | ---- | M] () -- C:\Users\Chris\Desktop\BitmapTest.as
[2012/01/06 10:23:33 | 000,036,574 | ---- | M] () -- C:\Users\Chris\Desktop\magnify_test.swf
[2012/01/06 10:10:55 | 000,329,926 | ---- | M] () -- C:\Users\Chris\Desktop\magnify_test.fla
[2012/01/06 10:09:32 | 000,004,385 | ---- | M] () -- C:\Users\Chris\Desktop\AuthortimeSharedAssets.fla
[2012/01/05 17:05:32 | 004,582,604 | ---- | M] () -- C:\Users\Chris\Desktop\sequencer comp.psd
[2012/01/05 15:40:37 | 000,125,559 | ---- | M] () -- C:\Users\Chris\Desktop\sequencer-comp_mobile.png
[2012/01/05 12:12:24 | 000,001,556 | ---- | M] () -- C:\Users\Chris\Desktop\dimensions test2-app.xml
[2012/01/05 11:50:23 | 000,001,409 | ---- | M] () -- C:\Users\Chris\Desktop\dimensions test.swf
[2012/01/05 11:48:55 | 000,005,239 | ---- | M] () -- C:\Users\Chris\Desktop\dimensions test.fla
[2012/01/05 11:48:54 | 000,001,533 | ---- | M] () -- C:\Users\Chris\Desktop\dimensions test-app.xml
[2012/01/05 11:48:45 | 000,001,682 | ---- | M] () -- C:\Users\Chris\Desktop\test.p12
[2012/01/05 11:16:40 | 000,002,820 | ---- | M] () -- C:\Users\Chris\Desktop\attach.zip
[2012/01/05 09:57:16 | 000,144,941 | ---- | M] () -- C:\Users\Chris\Desktop\sequencer-comp.png
[2012/01/04 12:11:36 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/01/03 15:46:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/03 15:08:56 | 000,001,381 | ---- | M] () -- C:\Users\Chris\Desktop\Wondershare Video Converter Platinum.lnk
[2012/01/03 15:04:49 | 000,001,408 | ---- | M] () -- C:\Users\Chris\Desktop\WinX Free MOV to WMV Converter.lnk
[2012/01/03 11:21:23 | 000,168,254 | ---- | M] () -- C:\Users\Chris\LWEXT9-64.CFG
[2012/01/03 11:21:21 | 000,006,679 | ---- | M] () -- C:\Users\Chris\LW9-64.CFG
[2012/01/03 11:21:20 | 000,000,547 | ---- | M] () -- C:\Users\Chris\LWHUB9-64.CFG
[2012/01/02 13:31:48 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 10:22:24 | 000,036,229 | ---- | M] () -- C:\Users\Chris\Desktop\spring_position.jpg
[2011/12/29 11:01:40 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Welch Allyn Kiosk.lnk
[2011/12/28 14:35:28 | 000,000,000 | ---- | M] () -- C:\Users\Chris\Desktop\setupEN.exe
[2011/12/23 10:45:13 | 000,000,000 | ---- | M] () -- C:\Users\Chris\Documents\fontz.zip
[2011/12/23 10:44:15 | 000,000,000 | ---- | M] () -- C:\Users\Chris\Documents\GOTHICI.TTF
[2011/12/23 10:40:26 | 000,002,456 | ---- | M] () -- C:\Users\Chris\Desktop\bg_footer.png
[2011/12/23 10:39:24 | 000,002,456 | ---- | M] () -- C:\Users\Chris\Desktop\bg_footer.jpg
[2011/12/23 09:49:18 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\SWFObject 2 generator v1.2 AIR.lnk
[2011/12/21 14:14:46 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/21 10:47:08 | 000,004,661 | ---- | M] () -- C:\Users\Chris\LWM9-64.CFG
[2011/12/21 09:51:04 | 000,047,443 | ---- | M] () -- C:\Users\Chris\Desktop\fairbank-pls.jpg
[2011/12/19 16:12:50 | 006,279,267 | ---- | M] () -- C:\Users\Chris\Documents\chris2.zip
[2011/12/19 16:06:54 | 000,014,697 | ---- | M] () -- C:\Users\Chris\Desktop\empire_336x280.jpg
[2011/12/19 16:03:25 | 000,003,431 | ---- | M] () -- C:\Users\Chris\Desktop\most_120x60.jpg
[2011/12/19 16:01:39 | 000,006,845 | ---- | M] () -- C:\Users\Chris\Desktop\everson_468x60.jpg
[2011/12/19 15:58:02 | 000,046,569 | ---- | M] () -- C:\Users\Chris\Desktop\dukes_336x280.jpg
[2011/12/19 15:49:42 | 000,004,121 | ---- | M] () -- C:\Users\Chris\Desktop\empire_120x60.jpg
[2011/12/19 15:44:10 | 000,008,561 | ---- | M] () -- C:\Users\Chris\Desktop\empire_468x60.jpg
[2011/12/16 10:53:09 | 000,588,401 | ---- | M] () -- C:\Users\Chris\Desktop\tacolulz.zip
[2011/12/14 10:18:43 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk

========== Files Created - No Company Name ==========

[2012/01/11 13:29:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/11 13:29:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/11 13:29:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/11 13:29:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/11 13:29:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/11 09:26:16 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2012/01/10 13:43:42 | 000,353,107 | ---- | C] () -- C:\Users\Chris\Desktop\video-player-comp.jpg
[2012/01/09 16:08:55 | 000,002,828 | ---- | C] () -- C:\Users\Chris\Desktop\Target_logo.svg
[2012/01/06 11:59:18 | 003,183,338 | ---- | C] () -- C:\Users\Chris\Desktop\SphericalPano.zip
[2012/01/06 10:54:09 | 000,128,451 | ---- | C] () -- C:\Users\Chris\Desktop\sequencer-comp_mobile2.png
[2012/01/06 10:10:16 | 000,036,574 | ---- | C] () -- C:\Users\Chris\Desktop\magnify_test.swf
[2012/01/06 10:09:50 | 000,003,529 | ---- | C] () -- C:\Users\Chris\Desktop\BitmapTest.as
[2012/01/06 10:09:33 | 000,000,829 | ---- | C] () -- C:\Users\Chris\Desktop\.actionScriptProperties
[2012/01/06 10:09:33 | 000,000,478 | ---- | C] () -- C:\Users\Chris\Desktop\.project
[2012/01/06 10:09:31 | 000,004,385 | ---- | C] () -- C:\Users\Chris\Desktop\AuthortimeSharedAssets.fla
[2012/01/06 10:07:39 | 000,329,926 | ---- | C] () -- C:\Users\Chris\Desktop\magnify_test.fla
[2012/01/05 15:40:35 | 000,125,559 | ---- | C] () -- C:\Users\Chris\Desktop\sequencer-comp_mobile.png
[2012/01/05 15:01:12 | 003,063,574 | ---- | C] () -- C:\Users\Chris\Desktop\sequencer comp2.psd
[2012/01/05 11:51:16 | 000,099,398 | ---- | C] () -- C:\Users\Chris\Desktop\dimensions test2.apk
[2012/01/05 11:51:13 | 000,070,269 | ---- | C] () -- C:\Users\Chris\Desktop\dimensions test2.swf
[2012/01/05 11:51:13 | 000,001,556 | ---- | C] () -- C:\Users\Chris\Desktop\dimensions test2-app.xml
[2012/01/05 11:50:57 | 001,055,197 | ---- | C] () -- C:\Users\Chris\Desktop\dimensions test2.fla
[2012/01/05 11:48:42 | 000,001,682 | ---- | C] () -- C:\Users\Chris\Desktop\test.p12
[2012/01/05 11:47:55 | 000,001,533 | ---- | C] () -- C:\Users\Chris\Desktop\dimensions test-app.xml
[2012/01/05 11:47:55 | 000,001,409 | ---- | C] () -- C:\Users\Chris\Desktop\dimensions test.swf
[2012/01/05 11:47:38 | 000,005,239 | ---- | C] () -- C:\Users\Chris\Desktop\dimensions test.fla
[2012/01/05 11:16:35 | 000,002,820 | ---- | C] () -- C:\Users\Chris\Desktop\attach.zip
[2012/01/05 09:57:14 | 000,144,941 | ---- | C] () -- C:\Users\Chris\Desktop\sequencer-comp.png
[2012/01/04 12:12:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/01/04 12:12:10 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/01/04 12:12:09 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/01/04 12:11:36 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/01/04 12:11:36 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/01/03 17:04:25 | 004,582,604 | ---- | C] () -- C:\Users\Chris\Desktop\sequencer comp.psd
[2012/01/03 15:08:56 | 000,001,381 | ---- | C] () -- C:\Users\Chris\Desktop\Wondershare Video Converter Platinum.lnk
[2012/01/03 15:08:55 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\WS_VideoConverterContextMenu.dll
[2012/01/03 15:08:52 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2012/01/03 15:08:52 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012/01/03 15:04:49 | 000,001,408 | ---- | C] () -- C:\Users\Chris\Desktop\WinX Free MOV to WMV Converter.lnk
[2012/01/02 13:31:48 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 10:22:20 | 000,036,229 | ---- | C] () -- C:\Users\Chris\Desktop\spring_position.jpg
[2011/12/28 14:35:26 | 000,000,000 | ---- | C] () -- C:\Users\Chris\Desktop\setupEN.exe
[2011/12/23 10:44:59 | 000,000,000 | ---- | C] () -- C:\Users\Chris\Documents\fontz.zip
[2011/12/23 10:44:15 | 000,000,000 | ---- | C] () -- C:\Users\Chris\Documents\GOTHICI.TTF
[2011/12/23 10:40:26 | 000,002,456 | ---- | C] () -- C:\Users\Chris\Desktop\bg_footer.png
[2011/12/23 09:49:18 | 000,001,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWFObject 2 generator v1.2 AIR.lnk
[2011/12/23 09:49:18 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\SWFObject 2 generator v1.2 AIR.lnk
[2011/12/23 08:55:54 | 000,002,456 | ---- | C] () -- C:\Users\Chris\Desktop\bg_footer.jpg
[2011/12/21 14:14:46 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/21 09:51:03 | 000,047,443 | ---- | C] () -- C:\Users\Chris\Desktop\fairbank-pls.jpg
[2011/12/19 16:12:45 | 006,279,267 | ---- | C] () -- C:\Users\Chris\Documents\chris2.zip
[2011/12/19 16:03:25 | 000,003,431 | ---- | C] () -- C:\Users\Chris\Desktop\most_120x60.jpg
[2011/12/19 16:01:39 | 000,006,845 | ---- | C] () -- C:\Users\Chris\Desktop\everson_468x60.jpg
[2011/12/19 15:58:02 | 000,046,569 | ---- | C] () -- C:\Users\Chris\Desktop\dukes_336x280.jpg
[2011/12/19 15:49:42 | 000,004,121 | ---- | C] () -- C:\Users\Chris\Desktop\empire_120x60.jpg
[2011/12/19 15:48:17 | 000,014,697 | ---- | C] () -- C:\Users\Chris\Desktop\empire_336x280.jpg
[2011/12/19 15:44:10 | 000,008,561 | ---- | C] () -- C:\Users\Chris\Desktop\empire_468x60.jpg
[2011/12/19 10:56:00 | 000,002,365 | ---- | C] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2011/12/19 10:55:42 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3917206373-2216033436-1527564269-1001UA.job
[2011/12/19 10:55:40 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3917206373-2216033436-1527564269-1001Core.job
[2011/12/16 10:53:02 | 000,588,401 | ---- | C] () -- C:\Users\Chris\Desktop\tacolulz.zip
[2011/12/15 12:30:17 | 000,000,547 | ---- | C] () -- C:\Users\Chris\LWHUB9-64.CFG
[2011/12/15 10:16:17 | 000,006,679 | ---- | C] () -- C:\Users\Chris\LW9-64.CFG
[2011/12/15 10:04:13 | 000,168,254 | ---- | C] () -- C:\Users\Chris\LWEXT9-64.CFG
[2011/12/15 10:04:13 | 000,004,661 | ---- | C] () -- C:\Users\Chris\LWM9-64.CFG
[2011/12/14 10:18:43 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/12/14 10:18:43 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2011/12/08 15:04:24 | 000,001,456 | ---- | C] () -- C:\Users\Chris\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/08 10:07:58 | 000,010,262 | -HS- | C] () -- C:\Users\Chris\AppData\Local\a15wq63shbi4g80cdq4mtuxk11574klar
[2011/12/08 10:07:58 | 000,010,262 | -HS- | C] () -- C:\ProgramData\a15wq63shbi4g80cdq4mtuxk11574klar
[2011/11/02 13:07:02 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/24 14:16:19 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/11 08:27:41 | 000,121,686 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2011/04/20 09:46:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/04 14:36:29 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\libmysql_c.dll
[2011/03/31 10:58:53 | 000,775,334 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/23 07:11:59 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/23 06:24:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/23 04:33:32 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2009/11/10 11:20:04 | 000,839,680 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll
[2009/11/10 11:07:44 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\lmgr10.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/06/27 16:13:51 | 000,516,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll


========== LOP Check ==========

[2012/01/12 17:00:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.purple
[2011/12/12 09:16:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Autodesk
[2011/12/08 08:58:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Broadcom
[2011/12/09 11:53:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/14 10:18:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/12 11:10:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DisplayFusion
[2011/12/12 15:30:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FileZilla
[2011/12/23 10:45:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0
[2011/12/12 09:15:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Notepad++
[2011/12/09 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2012/01/03 14:39:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SorensonMedia
[2011/12/08 09:36:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Thunderbird
[2011/12/08 08:58:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wave Systems Corp
[2011/09/20 07:02:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.minecraft
[2011/12/12 14:06:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.purple
[2011/05/16 13:46:54 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Autodesk
[2011/03/31 10:41:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Broadcom
[2011/07/07 09:10:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/10 10:10:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/10/10 09:46:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.MacallanPhotoApp
[2011/08/15 15:55:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.secondnature.scoutlook
[2011/07/08 10:30:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\com.sndnature.scoutlookweather
[2011/03/31 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DAEMON Tools Lite
[2011/07/14 09:37:35 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\digitalutopia.LotROChar
[2012/01/03 14:52:42 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Dropbox
[2011/12/12 14:06:20 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FileZilla
[2011/12/05 10:54:06 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gtk-2.0
[2011/04/01 16:41:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Notepad++
[2011/04/26 08:36:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenOffice.org
[2011/05/24 14:30:29 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\SorensonMedia
[2011/06/09 09:22:22 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2011/07/08 14:57:34 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uTorrent
[2011/03/31 10:41:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Wave Systems Corp
[2012/01/11 14:00:25 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/01/12 10:30:49 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/01/11 13:23:24 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2009/07/14 00:08:49 | 000,008,128 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Extras.txt
- - - - - - - - - -
OTL Extras logfile created on: 1/12/2012 5:02:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.99 Gb Available Physical Memory | 83.14% Memory free
11.99 Gb Paging File | 10.27 Gb Available in Paging File | 85.63% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.32 Gb Total Space | 190.64 Gb Free Space | 64.12% Space Free | Partition Type: NTFS
Drive G: | 28.83 Gb Total Space | 27.34 Gb Free Space | 94.85% Space Free | Partition Type: FAT32

Computer Name: BALARAM | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3917206373-2216033436-1527564269-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0DB0EA38-E806-44ED-A892-489F2E305080}" = Dell System Manager
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{64A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java(TM) SE Development Kit 6 Update 25 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67154CF5-2C33-41C2-A9F2-A4FBC29482AD}" = Wave Infrastructure Installer
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7B7D73E7-79D5-4133-AB7A-E27BB5F64725}" = Dell Control Point 64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8947B825-5682-C07A-7921-E812164A0909}" = ccc-utility64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
"{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}" = Autodesk 3ds Max 2010 64-bit
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B9E591DD-DAAC-0409-B1B8-5667E359170B}" = Autodesk 3ds Max 2010 64-bit Components
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Ultravnc2_is1" = UltraVnc
"Welch Allyn Kiosk_is1" = Welch Allyn Kiosk

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029C5BE5-462A-2FB8-5C54-362AFEEA7D44}" = CCC Help Japanese
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{073AB210-9BDA-2F64-6B41-494F35C1E73F}" = CCC Help Norwegian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C37C41C-3BD1-256C-3C82-B5C707776249}" = Catalyst Control Center Localization All
"{0EA8C3CC-9C2A-2711-795C-25A0D891ABA6}" = Catalyst Control Center Graphics Full New
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F943E47-5762-2CBD-4762-ED2F2EB520F6}" = Catalyst Control Center Graphics Full Existing
"{18FB3507-0188-482C-8495-7C5BC094CD12}" = nPowerSoftware Plug-Ins
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DA0220A-454D-C668-763E-B232686FC505}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{204F0053-6818-D50D-B132-55D5D0D1125D}" = CCC Help Thai
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F5EB64A-814B-1884-DFEC-B30A212DCF2C}" = CCC Help Portuguese
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{31E4C3BB-2E7A-714B-65AF-2F8C711149E9}" = CCC Help Polish
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{367EE587-F92B-E3E4-3816-99297A40751D}" = CCC Help Spanish
"{36C0C3FC-6B7E-467A-81DB-6E4532B44374}" = Catalyst Control Center - Branding
"{39159BE7-2B24-D59B-18CF-878DFE0D9E32}" = CCC Help German
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4171638F-EBC8-3DDA-C320-693A6775A18B}" = ccc-core-static
"{439227D3-3C0E-493C-84C5-53F117726184}" = nPower Max Plugins
"{44F7C005-42DF-B48D-5310-EDCCEBCD2CD0}" = CCC Help Italian
"{4874A97B-D7D3-15E1-6C0A-61F871A1C440}" = Catalyst Control Center Graphics Previews Common
"{49862E19-7192-16E9-9390-4DADB8276C31}" = ScoutLook Weather
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D7340CA-7D10-C5BC-4DA6-F3F685BAF0FF}" = CCC Help Turkish
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C126658-C31E-B6D5-90AE-09AD6DF1A846}" = Catalyst Control Center Graphics Previews Vista
"{6E2E52A3-DF0A-4EDC-B4F1-267E0FEC691B}" = CCC Help Chinese Standard
"{6F7396CA-B0BA-AD24-83C8-4FF670291F48}" = CCC Help Swedish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DDB0239-17CA-9552-5665-CA4845EB61B0}" = CCC Help Dutch
"{7EDEDC17-A174-2A41-71B2-1A76BB51FCE0}" = SWFObject 2 generator v1.2 AIR
"{7F0E4311-D46D-456E-97CC-44F7E331DE66}" = Sorenson Squeeze 6.0
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8573BE35-DA4F-D73F-0BC7-01199875F61C}" = Skins
"{86C01B84-205E-B98D-11E5-94C5BEDC316A}" = CCC Help Chinese Traditional
"{89D8BC7A-7EDB-782A-10F9-49759C3BBC6E}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0052-0409-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B74F087B-FE65-F00C-A756-538AF2B6B49E}" = CCC Help English
"{BEC93A3A-7C68-81D8-E905-9F2B8456D714}" = Catalyst Control Center InstallProxy
"{C00C4A11-8FF4-516E-54D0-8FA834991543}" = Catalyst Control Center Core Implementation
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D963788E-2A2E-0673-A874-1F516B3861B1}" = CCC Help French
"{DCD2FE91-FFE7-7F08-F9E1-2CA4BDA00DF4}" = CCC Help Greek
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E9E50689-AE67-DAB4-310E-36A5BD2599D3}" = CCC Help Hungarian
"{EB4901E9-48AE-0A2E-8747-1269A390B72D}" = Catalyst Control Center Graphics Light
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECBBBDE9-E3B1-7C26-63C1-6D87309D2644}" = CCC Help Russian
"{EE590EC6-FC5D-A092-CD69-05F4FB38AD99}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEFF81BF-B911-6755-FBDE-09547BDFD0A2}" = CCC Help Korean
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Android SDK Tools" = Android SDK Tools
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"AutoHotkey" = AutoHotkey 1.0.48.05
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.secondnature.scoutlook" = ScoutLook Weather
"DAEMON Tools Lite" = DAEMON Tools Lite
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"File Renamer - Basic" = File Renamer - Basic
"FileZilla Client" = FileZilla Client 3.4.0
"FLAC To MP3_is1" = FLAC To MP3 V4.0.4
"FLV Player2.0.25" = FLV Player
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"LightWave 3D 9.6.1 64bit 9.6.1" = LightWave 3D 9.6.1 64bit
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mozilla Firefox (3.0)" = Mozilla Firefox (3.0)
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Notepad++" = Notepad++
"Pidgin" = Pidgin
"PremiumSoft Navicat 8.0 for MySQL_is1" = PremiumSoft Navicat 8.0 for MySQL
"Steam App 105600" = Terraria
"swfobjectgenerator.0B79F3AA8BA7B28571920BBC33ADF06D54740292.1" = SWFObject 2 generator v1.2 AIR
"Trapcode 3DStroke" = Trapcode 3DStroke
"uTorrent" = µTorrent
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WinX Free MOV to WMV Converter_is1" = WinX Free MOV to WMV Converter 4.1.11
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.1.2.0)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3917206373-2216033436-1527564269-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/2/2012 1:04:13 PM | Computer Name = Balaram | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 8.0.1.4341,
time stamp: 0x4ec9a0a8 Faulting module name: NPSWF32.dll, version: 9.0.277.0, time
stamp: 0x4c0d460d Exception code: 0xc0000005 Fault offset: 0x00004d0b Faulting process
id: 0x1668 Faulting application start time: 0x01ccc954af80ce30 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\system32\Macromed\Flash\NPSWF32.dll Report Id: cb36a2f8-3563-11e1-b072-bc305bb83db4

Error - 1/3/2012 12:21:16 PM | Computer Name = Balaram | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdbdf Exception code: 0xe06d7363 Fault offset: 0x0000b727 Faulting
process id: 0x14c8 Faulting application start time: 0x01ccca335c201b64 Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: f57d6d80-3626-11e1-b5cb-bc305bb83db4

Error - 1/3/2012 12:55:41 PM | Computer Name = Balaram | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 8.0.1.4341,
time stamp: 0x4ec9a0a8 Faulting module name: NPSWF32.dll, version: 9.0.277.0, time
stamp: 0x4c0d460d Exception code: 0xc0000005 Fault offset: 0x00004d0b Faulting process
id: 0xc0c Faulting application start time: 0x01ccca37f7583417 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\system32\Macromed\Flash\NPSWF32.dll Report Id: c4a91382-362b-11e1-b5b8-bc305bb83db4

Error - 1/3/2012 12:55:44 PM | Computer Name = Balaram | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x356a4f69 Faulting process id: 0x1514 Faulting application
start time: 0x01ccca37e1a084ca Faulting application path: C:\Windows\SysWOW64\ping.exe
Faulting
module path: unknown Report Id: c658c5a5-362b-11e1-b5b8-bc305bb83db4

Error - 1/3/2012 12:56:36 PM | Computer Name = Balaram | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 8.0.1.4341,
time stamp: 0x4ec9a0a8 Faulting module name: NPSWF32.dll, version: 9.0.277.0, time
stamp: 0x4c0d460d Exception code: 0xc0000005 Fault offset: 0x00004d0b Faulting process
id: 0x1290 Faulting application start time: 0x01ccca389607d708 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\system32\Macromed\Flash\NPSWF32.dll Report Id: e55dba3c-362b-11e1-b5b8-bc305bb83db4

Error - 1/3/2012 2:41:27 PM | Computer Name = Balaram | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: Flash10o.ocx, version: 10.2.153.1, time
stamp: 0x4d79ae94 Exception code: 0x40000015 Fault offset: 0x00177a23 Faulting process
id: 0x17f0 Faulting application start time: 0x01ccca4684ba4487 Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash10o.ocx
Report
Id: 8ae92b59-363a-11e1-b21e-bc305bb83db4

Error - 1/4/2012 2:44:57 AM | Computer Name = Balaram | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: Flash10o.ocx, version: 10.2.153.1, time
stamp: 0x4d79ae94 Exception code: 0x40000015 Fault offset: 0x00177a23 Faulting process
id: 0x10a8 Faulting application start time: 0x01cccaab8d94b6b9 Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash10o.ocx
Report
Id: 9d8f8a74-369f-11e1-b21e-bc305bb83db4

Error - 1/4/2012 12:55:14 PM | Computer Name = Balaram | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: ntdll.dll, version: 6.1.7600.20826, time
stamp: 0x4cc7a929 Exception code: 0xc0000374 Fault offset: 0x000ceccb Faulting process
id: 0x10a4 Faulting application start time: 0x01cccb00e673a922 Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: dec37c85-36f4-11e1-b21e-bc305bb83db4

Error - 1/5/2012 4:30:29 AM | Computer Name = Balaram | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdbdf Exception code: 0xe06d7363 Fault offset: 0x0000b727 Faulting
process id: 0x507c Faulting application start time: 0x01cccb83b9c9caf1 Faulting application
path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 85e04737-3777-11e1-b21e-bc305bb83db4

Error - 1/5/2012 12:16:57 PM | Computer Name = Balaram | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_Schedule, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7600.20826,
time stamp: 0x4cc7b3ed Exception code: 0xc00000fd Fault offset: 0x0000000000053b2a
Faulting
process id: 0x194 Faulting application start time: 0x01cccbbf283c5554 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: afc4902e-37b8-11e1-ac4c-bc305bb83db4

[ System Events ]
Error - 1/9/2012 9:43:07 AM | Computer Name = Balaram | Source = Service Control Manager | ID = 7003
Description = The Spybot-S&D 2 Security Center Service service depends the following
service: wscsvc. This service might not be installed.

Error - 1/9/2012 10:40:30 AM | Computer Name = Balaram | Source = Service Control Manager | ID = 7034
Description = The Spybot S&D 2 Live Protection Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/9/2012 2:43:52 PM | Computer Name = Balaram | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR5.

Error - 1/11/2012 9:42:09 AM | Computer Name = Balaram | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 1/11/2012 9:42:13 AM | Computer Name = Balaram | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 1/11/2012 9:42:15 AM | Computer Name = Balaram | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 1/11/2012 9:42:15 AM | Computer Name = Balaram | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 1/11/2012 9:42:16 AM | Computer Name = Balaram | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/11/2012 9:42:18 AM | Computer Name = Balaram | Source = Service Control Manager | ID = 7003
Description = The Spybot-S&D 2 Security Center Service service depends the following
service: wscsvc. This service might not be installed.

Error - 1/11/2012 11:17:56 AM | Computer Name = Balaram | Source = Service Control Manager | ID = 7034
Description = The Spybot S&D 2 Live Protection Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

ken545
2012-01-13, 00:58
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

ken545
2012-01-18, 23:26
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.