View Full Version : Problem with infection
BlackPanther1
2012-07-18, 22:25
I have caught an infection some time earlier today on a website. I noticed this by first Avira telling me I was infected, then a program I have never seen before called Live something Platium, which I however have never installed. This then caused Skype to shut down, and prevented me from opening either Avira or Skype again.
I changed to my administrator account and ran a scan from Avira, Malwarebytes, MSE and Spybot. Both MSE and Spybot found 3 infections that I deleted.
However, I still think that there is something left on my computer, since the infections were all over the computer. The PC is running slower than usual and there are still some folders that I have never seen before.
I would greatly appreciate you help. Please tell me if you need any further information. Thank you!
Here is my DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Admin at 16:22:58 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.41.1033.18.6092.3985 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Swisscom\Unlimited Data Manager\LSCAGui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com?pc=HPNTDF
uDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDF
mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDF
mStart Page = hxxp://www.bing.com?pc=HPNTDF
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Power2GoExpress]
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Dashboard]
mRun: [UDM] "C:\Program Files (x86)\Swisscom\Unlimited Data Manager\LscaGui.exe"
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9B56DF82-DE53-4104-A653-BFCDAAE4C929} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9B56DF82-DE53-4104-A653-BFCDAAE4C929}\2375942554935363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9B56DF82-DE53-4104-A653-BFCDAAE4C929}\475756D21373230313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9B56DF82-DE53-4104-A653-BFCDAAE4C929}\65562796A7F6E602D496649623230303025324242302355636572756 : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Dashboard]
mRun-x64: [UDM] "C:\Program Files (x86)\Swisscom\Unlimited Data Manager\LscaGui.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-4 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-2-8 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-2-8 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-8 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-4 13336]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SesamService;Sesam Control Service;C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe [2009-11-16 1414440]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-4 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-9-23 539248]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
R3 wtsmpadap;Sesam Virtual Adapter;C:\Windows\system32\DRIVERS\wtsmpadap.sys --> C:\Windows\system32\DRIVERS\wtsmpadap.sys [?]
R3 WtSmpFlt;Sesam Adapter;C:\Windows\system32\DRIVERS\wtsmpflt.sys --> C:\Windows\system32\DRIVERS\wtsmpflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys --> C:\Windows\system32\DRIVERS\ewusbfake.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/03 23:25:46;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
S4 UDM Service;UDM Service;C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe [2009-12-10 128296]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-18 17:08:58 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D9133ABC-B091-406C-A0D7-1D19DF7B9EF3}\gapaengine.dll
2012-07-18 17:08:56 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F4B0053-93C9-4416-9DA1-91E275F098AB}\mpengine.dll
2012-07-18 17:07:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-18 17:07:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-18 17:01:07 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-18 17:00:58 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-18 15:08:43 -------- d-----w- C:\ProgramData\225932FD02E269D2DF603AE7F875F002
2012-07-17 12:46:26 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B46BF233-C855-460D-8F69-F7BCFE3F6958}\mpengine.dll
2012-07-11 09:25:12 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 08:26:44 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-10 16:13:48 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-24 20:15:21 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2012-06-19 07:54:35 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 07:54:19 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 07:54:05 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 07:54:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-18 20:19:33 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2012-07-10 16:13:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-08 19:29:36 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 16:23:12.84 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR
You have both Avira and Microsoft Security Essentials running, they may be conflicting and slowing down your system, your call but you need to uninstall one via Programs and Features in the Control Panel. You should just keep one AV, keep it updated and run regular scans
Lets check a few things.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
BlackPanther1
2012-07-20, 13:02
Here you go:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-20 06:58:14
-----------------------------
06:58:14.439 OS Version: Windows x64 6.1.7601 Service Pack 1
06:58:14.439 Number of processors: 8 586 0x2A07
06:58:14.439 ComputerName: NICOLE-HP UserName: Admin
06:58:16.030 Initialize success
06:58:27.708 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:58:27.723 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
06:58:27.739 Disk 0 MBR read successfully
06:58:27.739 Disk 0 MBR scan
06:58:27.739 Disk 0 Windows 7 default MBR code
06:58:27.754 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
06:58:27.770 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700284 MB offset 409600
06:58:27.801 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14817 MB offset 1434591232
06:58:27.817 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
06:58:27.864 Disk 0 scanning C:\Windows\system32\drivers
06:58:42.353 Service scanning
06:59:30.483 Modules scanning
06:59:30.483 Disk 0 trace - called modules:
06:59:30.498 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
06:59:30.498 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b5a790]
06:59:30.498 3 CLASSPNP.SYS[fffff88001ba843f] -> nt!IofCallDriver -> [0xfffffa8006a70b10]
06:59:30.514 5 hpdskflt.sys[fffff88001b4f361] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800692e050]
06:59:30.514 Scan finished successfully
06:59:38.844 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
06:59:38.860 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
A question that just came to my mind: do I have to run this only on my administrator account or on all user accounts if the infection did take place on a user account?
Your log looks fine , you can run it again on a user account , it cant hurt, then post the new log
Open up Malwarebytes and go to the Log tab and open the log that the infections where removed and copy and paste the log into this thread for me to see.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
BlackPanther1
2012-07-20, 16:11
First I did the scan you told me to do before on the other user, giving me the following log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-20 14:09:57
-----------------------------
14:09:57.402 OS Version: Windows x64 6.1.7601 Service Pack 1
14:09:57.402 Number of processors: 8 586 0x2A07
14:09:57.402 ComputerName: NICOLE-HP UserName: Nicole
14:09:57.402 Initialze error 5
14:11:00.277 AVAST engine defs: 12072000
14:11:05.971 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:11:05.987 Disk 0 Vendor: Size: 0MB BusType: 0
14:11:06.049 Disk 0 MBR read successfully
14:11:06.049 Disk 0 MBR scan
14:11:06.049 Disk 0 Windows 7 default MBR code
14:11:06.065 Disk 0 MBR hidden
14:11:06.065 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:11:06.127 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700284 MB offset 409600
14:11:06.189 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14817 MB offset 1434591232
14:11:06.267 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
14:11:06.330 Disk 0 scanning C:\Windows\system32\drivers
14:11:06.330 Service scanning
14:11:06.876 Modules scanning
14:11:06.876 Disk 0 trace - called modules:
14:11:06.969 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
14:11:06.985 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006b5a790]
14:11:07.001 3 CLASSPNP.SYS[fffff88001ba843f] -> nt!IofCallDriver -> [0xfffffa8006a70b10]
14:11:07.016 5 hpdskflt.sys[fffff88001b4f361] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800692e050]
14:11:07.016 AVAST engine scan C:\Windows
14:11:07.032 AVAST engine scan C:\Windows\system32
14:11:07.032 AVAST engine scan C:\Windows\system32\drivers
14:11:07.032 AVAST engine scan C:\Users\Nicole
14:11:07.047 AVAST engine scan C:\ProgramData
14:11:07.047 Scan finished successfully
14:11:27.234 Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Desktop\MBR.dat"
14:11:27.249 The log file has been saved successfully to "C:\Users\Nicole\Desktop\aswMBR.txt"
I then did the ESET scan. Here would be the log:
C:\Program Files (x86)\WhiteSmoke\HookDllOE.dll probably a variant of Win32/WhiteSmoke application
C:\Program Files (x86)\WhiteSmoke\Registration.exe a variant of Win32/WhiteSmoke application
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\index.html HTML/WhiteSmoke application
C:\Users\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\1bbf2f65-7fb241c8 a variant of Win32/Injector.TYT trojan
Also, I got the Malewarebytes log; however, I think I wrote before that MBAM did not find anything, but MSE and spybot did. I therefore will post the logs of all three programs, since I guess the MBAM will not really be useful. I will, however, do the MBAM scan again as soon as I finish this post and will inform you if anything is found with the updates version.
MBAM log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.23.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: NICOLE-HP [Administrator]
18.07.2012 12:37:31
mbam-log-2012-07-18 (12-37-31).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217018
Laufzeit: 5 Minute(n), 43 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Spybot log:
--- Report generated: 2012-07-18 14:29 ---
FastClick: Tracking cookie (Internet Explorer: Admin) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Admin) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Admin) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-07-18 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-07-17 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-06-19 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2012-06-18 Includes\Malware.sbi (*)
2012-07-10 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-07-11 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-06-19 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-07-17 Includes\TrojansC-02.sbi (*)
2012-07-17 Includes\TrojansC-03.sbi (*)
2012-07-17 Includes\TrojansC-04.sbi (*)
2012-07-12 Includes\TrojansC-05.sbi (*)
2012-07-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
MSE findings (I have not found the logs so far, this is all I could find):
Trojan:Win32/Medfos.B
Trojan:Win32/Medfos.gen!A
Hope this helps.
A few things to fix, when you update and run Malwarebytes , WhiteSmoke may show up but will not be checked, make sure you check it for removal
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Again aswMBR looks ok
BlackPanther1
2012-07-20, 17:08
Here are the logs:
OTL logfile created on: 7/20/2012 4:58:29 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
5.95 Gb Total Physical Memory | 3.63 Gb Available Physical Memory | 61.06% Memory free
11.90 Gb Paging File | 9.39 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 560.05 Gb Free Space | 81.89% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
Drive F: | 3.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 2.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 589.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 297.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: NICOLE-HP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\LSCAGui.exe (Swisscom)
PRC - C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe (Swisscom)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\zlib1.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_thread-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_serialization-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_regex-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_filesystem-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_date_time-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_system-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\ImageFormats\qgif4.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\QtGui4.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\QtCore4.dll ()
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UDM Service) -- C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe (Swisscom)
SRV - (SesamService) -- C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe (Swisscom)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WtSmpFlt) -- C:\Windows\SysNative\drivers\wtsmpflt.sys (Swisscom)
DRV:64bit: - (wtsmpadap) -- C:\Windows\SysNative\drivers\wtsmpadap.sys (Swisscom)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{3565E2D5-87FD-42ED-AA1D-87006E11CAC2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{3565E2D5-87FD-42ED-AA1D-87006E11CAC2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{3565E2D5-87FD-42ED-AA1D-87006E11CAC2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/14 23:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote\ [2012/06/14 09:23:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/22 02:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/14 23:03:47 | 000,000,000 | ---D | M]
[2011/08/13 04:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: Website Logon = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dashboard] File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UDM] C:\Program Files (x86)\Swisscom\Unlimited Data Manager\LscaGui.exe (Swisscom)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-622088572-2977392544-4208331882-1001..\Run: [Power2GoExpress] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B56DF82-DE53-4104-A653-BFCDAAE4C929}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/07 03:16:03 | 000,003,262 | R--- | M] () - F:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2006/04/17 23:58:14 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007/01/24 02:04:01 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2003/06/18 04:30:06 | 000,000,137 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1998/07/13 21:24:56 | 000,225,792 | R--- | M] () - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [1998/01/05 22:01:50 | 000,004,710 | R--- | M] () - I:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [1998/01/16 18:40:48 | 000,000,051 | R--- | M] () - I:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{86ceb408-b5f2-11e1-8b8b-d5b697ae2082}\Shell - "" = AutoRun
O33 - MountPoints2\{86ceb408-b5f2-11e1-8b8b-d5b697ae2082}\Shell\AutoRun\command - "" = H:\Start.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/20 16:55:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/20 14:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/20 14:14:54 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2012/07/20 12:55:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/07/19 04:36:27 | 000,000,000 | ---D | C] -- C:\Systemrestore
[2012/07/19 04:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/19 04:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/07/19 04:33:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Admin\Desktop\erunt-setup.exe
[2012/07/18 21:32:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.scr
[2012/07/18 19:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/18 19:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/18 19:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/18 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/18 19:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/18 18:57:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HiJackThis204.exe
[2012/07/18 18:56:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Admin\Desktop\spybotsd162.exe
[2012/07/18 17:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\225932FD02E269D2DF603AE7F875F002
[2012/07/11 10:27:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 10:27:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 10:27:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 10:27:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 10:27:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 10:27:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 10:27:11 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 10:27:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 10:27:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 10:27:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 10:27:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 10:27:10 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 10:27:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 10:26:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 10:26:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 10:26:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 10:26:36 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 10:26:36 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 18:13:48 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/10 18:13:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/24 22:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/06/24 22:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
========== Files - Modified Within 30 Days ==========
[2012/07/20 16:56:27 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012/07/20 16:55:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/20 14:14:54 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2012/07/20 13:04:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/20 13:04:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/20 13:01:06 | 000,786,678 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/20 13:01:06 | 000,657,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/20 13:01:06 | 000,123,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/20 12:59:38 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/07/20 12:57:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/07/20 12:56:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/20 12:56:11 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/19 04:34:26 | 000,000,905 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/07/19 04:33:51 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Admin\Desktop\erunt-setup.exe
[2012/07/18 22:24:07 | 000,003,520 | ---- | M] () -- C:\Users\Admin\Desktop\Attach.zip
[2012/07/18 21:32:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.scr
[2012/07/18 21:14:47 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012/07/18 19:07:36 | 000,001,258 | ---- | M] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk
[2012/07/18 19:01:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/18 19:01:09 | 000,792,524 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/18 18:58:11 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Admin\Desktop\spybotsd162.exe
[2012/07/18 18:57:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HiJackThis204.exe
[2012/07/16 17:45:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNicole.job
[2012/07/11 19:26:58 | 000,312,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 18:13:48 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/10 18:13:48 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/24 22:39:05 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk
[2012/06/23 18:10:56 | 000,000,771 | ---- | M] () -- C:\Windows\disney.ini
========== Files Created - No Company Name ==========
[2012/07/20 12:59:38 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/07/19 04:34:26 | 000,000,905 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/07/18 21:56:59 | 000,003,520 | ---- | C] () -- C:\Users\Admin\Desktop\Attach.zip
[2012/07/18 19:07:36 | 000,001,258 | ---- | C] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk
[2012/07/18 19:01:50 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/18 19:01:14 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/18 17:08:44 | 000,001,696 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80}\U\00000001.@
[2012/06/24 22:39:05 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk
[2012/06/05 16:28:57 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012/03/23 01:14:12 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/03/23 01:13:44 | 000,000,771 | ---- | C] () -- C:\Windows\disney.ini
[2012/02/22 16:15:11 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012/02/22 16:15:11 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012/02/22 16:15:10 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012/02/22 16:15:10 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2012/01/11 15:22:35 | 000,002,048 | -HS- | C] () -- C:\Users\Nicole\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80}\@
[2011/12/03 19:58:44 | 000,007,602 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011/09/16 03:26:21 | 000,792,524 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/14 22:57:11 | 000,232,393 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/08/14 22:13:16 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/07/04 08:16:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/04 08:08:11 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/07/04 08:07:05 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/04 08:07:04 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/04 08:07:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/04 08:07:03 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/04 08:02:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/08 22:54:49 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/02/23 01:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010/12/17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
========== LOP Check ==========
[2011/08/29 01:48:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2011/08/13 01:51:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2011/08/15 00:13:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2011/08/13 03:08:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Synaptics
[2011/09/16 01:46:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2011/08/13 04:54:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2011/08/15 01:12:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2011/10/27 04:31:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wargaming.net
[2012/05/21 00:35:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WhiteSmoke
[2011/08/28 21:17:33 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Blio
[2011/08/30 05:00:10 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Canneverbe Limited
[2012/01/24 20:12:35 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\IDT
[2011/08/13 03:47:51 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Opera
[2011/08/13 02:40:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Synaptics
[2012/07/14 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TeamViewer
[2011/08/13 04:54:48 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Thunderbird
[2012/01/18 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Unity
[2012/06/24 17:08:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\uTorrent
[2011/11/01 05:19:05 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Wargaming.net
[2012/07/17 22:43:45 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\WhiteSmoke
[2011/08/15 01:00:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\_MDLogs
[2012/06/12 11:07:20 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
BlackPanther1
2012-07-20, 17:09
OTL Extras logfile created on: 7/20/2012 4:58:29 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
5.95 Gb Total Physical Memory | 3.63 Gb Available Physical Memory | 61.06% Memory free
11.90 Gb Paging File | 9.39 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 560.05 Gb Free Space | 81.89% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
Drive F: | 3.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 2.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 589.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 297.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: NICOLE-HP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{124BEC0C-01D2-4071-BCBE-D87A0A2607CF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{13672C84-A23B-4F1B-9D3C-981C59884BBA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15F57682-92DE-4966-A94D-29128931186C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2027AE13-E1C6-47FB-B782-924812971F09}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{232A45B6-4D0A-41AC-AFED-34E070E52ED7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{30D39826-FF22-4287-B3D1-F1A8D121891A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4CCC9B8B-952F-4734-89B3-A92BDE2FD09C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50012F07-CB83-4581-8441-AF69B25D2EB4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5878BC40-4270-4540-831D-A09D4677F8F8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7267AAC8-78D5-49A8-99A7-7FC983543C16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADEAC239-4CEE-450B-9897-EE0E50E9E0A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C131E5D6-2DD7-45B4-9A11-32207583EF15}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0DACBD4-153E-4112-8CB7-6D7F7696CB3B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4F7BB11-16B7-4A6A-B87A-69348976FCF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB4782AF-AE80-40CA-9E1B-35D1FED28FB1}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002225F4-490C-46FA-A0B0-DCEED7E076F6}" = protocol=58 | dir=in | app=system |
"{036BFD22-621D-4DA1-A67C-1C0ED501659C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{059D45EA-11C5-4D5F-8A55-735E9E1A2EFA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{0AC5C666-255A-4E4B-8C9B-C6E5FCB12D97}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0FF39452-9140-47DB-97AA-845A8D17A421}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1C964524-6BFD-41AD-B800-181EB17FF97C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{1D181ABF-5329-4F3B-BF3B-F701D83D078C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{1E33B3A8-1EEE-4C02-8436-F0BCD332AE50}" = protocol=17 | dir=in | app=c:\users\nicole\downloads\getmedival\game\medieval.exe |
"{1E7D68AF-5350-4A79-BF28-DC441568CB23}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1F8DA0A2-B307-4DCF-AC3B-4A7801A97B08}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{22B617E4-D113-4391-AB29-63A9F5B197F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{247BB98C-A5B2-4128-8D8A-7E2B364EAB5F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{33C8B1DB-CFC3-417D-8256-5DC5D0C72BCE}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{35851D1A-7D10-4638-82A3-16FA421FBB27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{36B35A56-3024-428F-AF82-C147C6A48A0D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{382A2DCD-4943-4A72-BB92-43E4D5CE7FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3999F515-8E43-4246-9A1E-0B633DA31F9A}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{3A46CC13-D644-4570-AAFA-2AC8A1341943}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{428C9D92-2580-4B18-ACBC-298B31CE371F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{43E37652-74D2-4C41-A5D7-84A4E6BEDCF4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{4630D53A-3EB8-4256-BF6F-4DF9498A11F2}" = protocol=6 | dir=in | app=c:\users\nicole\downloads\getmedival\game\medieval.exe |
"{466DE220-D07C-483A-8439-37D0CF891A87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46C551F1-832C-4609-B916-5931CA553B78}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4CE5B415-1E8A-458C-943D-8AF6D0F733D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4E86E6F0-9FA1-4A8D-B1D6-FD8E7E261897}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{51C0455F-F68B-40BB-A7A0-1F6294777D0F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{58D4C019-C798-403F-B8D7-D63DD003AC8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59071472-E123-4509-988E-8B54492C6F42}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{5F3F0A9B-273A-4483-B804-8A6A2C42A323}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{6409B5F7-67BC-4599-85F5-9394DBA2A8B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{6893B56F-9229-43FE-A478-800EB99C287A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6B3F078E-9DF0-4427-9A71-CB87E69CC3F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B66FA63-8106-48DE-9461-5A5623718306}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6BDB4291-EAB7-4C9D-85DF-791347857A21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DBC0755-BD54-4C85-9C82-442634AE6208}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\7zsd114.tmp\symnrt.exe |
"{6E7F2734-8826-402E-990E-21A11338FAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe |
"{6ED606B1-9C90-458C-853B-13EAB477C699}" = dir=in | app=e:\setup\hpznui40.exe |
"{752697A3-637C-4FFF-A05D-F7F4E1A197B0}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe |
"{76ACE160-882C-4FBC-8765-C2E118EFA34C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{82F92889-E63B-4501-80CD-E381C54A393E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{888F7C0B-FC8C-42C9-91CB-ABF9FC0E5C18}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{9261AE3B-2C8E-438A-8943-D91A56DDC82C}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\7zs8c57.tmp\symnrt.exe |
"{93716160-C059-4BF1-AE35-B9DC9D04B061}" = protocol=6 | dir=out | app=system |
"{938D1265-694F-447B-834A-E305D244DDB6}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{9E1C9DDD-2AC1-4B1D-A88E-D2D3DAE7F7CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A06132F7-DEE0-4890-88CE-FD427D96D4B4}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A605BA70-F755-4725-86EF-28EC3A370E58}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{A98C0577-2BCC-4BA5-B82C-607089EF8C24}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{ADF802CD-1A95-4489-BE30-B6B4D46A926C}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\7zsd114.tmp\symnrt.exe |
"{B18D4220-D5E6-47DB-9BA8-4D0F345790C3}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{BA10F07B-845B-47AA-8CD6-EF2891518FD9}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{BAC3BA25-F24C-46EB-BAF0-8D8F5D273147}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{BE0F2DC6-834E-44AE-8423-48F9E658B052}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BEBDFB96-7159-4F92-89ED-9A276190A45D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C03D446A-8392-421E-BAAF-FB500F1F1983}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\7zs8c57.tmp\symnrt.exe |
"{C1DC52E6-9EDB-4C8B-B4A1-4F1A0396ADF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{C1E40A21-2210-4B71-8532-537B55A71026}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{C6FE28B5-A31B-4A07-B40B-34704D2506FF}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{CE1181C2-C115-4C1A-B2DB-296024274023}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CF496EA9-87C3-400D-AF46-7D8B6087AEA4}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{D1883191-B645-4478-ADC0-94B6BE2C81D8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{DEEF4A86-7439-44A7-8B31-EC0638FF4F2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DFD86EEF-9B9C-451E-B1CF-B1911F549353}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E04F929D-6689-4F67-8089-B54F84A670ED}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{E08CD860-7D93-4277-B8A1-2AB9BB9FABE7}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{E1C4AA00-060D-4989-AA76-D719BD643AA6}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{E6C0CB53-44CE-4AA7-9E57-DCA43B70B120}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{E9A90DA5-EC1B-4D8C-9F2F-E65BF0A2714F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{EFDB3655-9553-4E92-90FB-65CAEF171552}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{FC38A29F-6BD6-4D35-BF60-3CB07D0ABD91}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{FE919D18-1B49-47ED-BB57-4D0F06B8C5A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FEAD0B5B-5478-4E7F-89FB-87B67B728657}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"TCP Query User{21AE635F-C406-4D4E-A7DE-62431FB3917D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{311EF496-08CB-4E2C-95EA-4BEC2E8763F9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{376FD79E-19DF-4693-A76A-0657FD73673E}C:\program files (x86)\thq\titan quest\titan quest.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest\titan quest.exe |
"TCP Query User{4261E676-3E42-42B3-A9E0-1ABB36017061}C:\users\nicole\downloads\getmedival\game\medieval.exe" = protocol=6 | dir=in | app=c:\users\nicole\downloads\getmedival\game\medieval.exe |
"TCP Query User{5A5052BA-46FE-45F7-969A-2F6B3D7C700B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{5A74C2DE-51B0-4B8A-9E4F-52953C2BBFCA}C:\1c\bluebyte\the settlers iv\exe\s4_main.exe" = protocol=6 | dir=in | app=c:\1c\bluebyte\the settlers iv\exe\s4_main.exe |
"TCP Query User{8975782E-A9AA-4DB9-92C9-0F6A2E785C29}C:\program files (x86)\serious sam 2\bin\sam2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\serious sam 2\bin\sam2.exe |
"TCP Query User{991E1619-DBC9-4407-B619-EFE2A46546A8}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{99FA1299-88CF-4DA1-985D-468AC4F3AFB7}C:\users\nicole\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\utorrent.exe |
"TCP Query User{9BC29F7D-F595-4382-A75C-C2064CE145DB}C:\users\nicole\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\nicole\desktop\utorrent.exe |
"TCP Query User{B6FE830A-4E7D-47FE-8416-901972C97008}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe |
"TCP Query User{CABCF622-EED5-4747-A894-7F43F9FF5129}C:\users\nicole\downloads\mod\mod.exe" = protocol=6 | dir=in | app=c:\users\nicole\downloads\mod\mod.exe |
"TCP Query User{CD57BE58-46A0-4F48-9D36-4EFB33AD7B7A}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"TCP Query User{D1044D23-FAE9-410C-868D-B594248B9E9D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{217324C6-D670-4A1B-9D75-B9D25D31D0D6}C:\users\nicole\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\utorrent.exe |
"UDP Query User{324A0FAD-B16C-4DD3-BCA8-8927BA3BD0AA}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{4E6BF419-1179-47DD-B9EA-FCE01A9A25BB}C:\users\nicole\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\nicole\desktop\utorrent.exe |
"UDP Query User{5EB43041-5634-435D-B529-369388A9BE95}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{62ECB65D-B768-4D26-BD61-30F26AB73B10}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{752BB666-EE76-4F58-88CC-13BB0DE6BB3A}C:\program files (x86)\thq\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest immortal throne\tqit.exe |
"UDP Query User{7A675BA8-9F82-4D4A-B079-4A4784D5541A}C:\users\nicole\downloads\mod\mod.exe" = protocol=17 | dir=in | app=c:\users\nicole\downloads\mod\mod.exe |
"UDP Query User{AAC69A9A-E1C5-4032-9EC7-D019B42996D6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{B80D260D-420E-4E7C-B574-93AA849B5776}C:\users\nicole\downloads\getmedival\game\medieval.exe" = protocol=17 | dir=in | app=c:\users\nicole\downloads\getmedival\game\medieval.exe |
"UDP Query User{C99D2BAC-F3BB-4B7A-8ECE-9EE2C7C9129B}C:\1c\bluebyte\the settlers iv\exe\s4_main.exe" = protocol=17 | dir=in | app=c:\1c\bluebyte\the settlers iv\exe\s4_main.exe |
"UDP Query User{E1CBCF38-E437-4DF6-8FFB-1505C114E2DB}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{F2A43C40-D289-4882-8737-83E78910C029}C:\program files (x86)\thq\titan quest\titan quest.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\titan quest\titan quest.exe |
"UDP Query User{F2C7C469-6E6E-4C7E-AC45-87610DAFDFC6}C:\program files (x86)\serious sam 2\bin\sam2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\serious sam 2\bin\sam2.exe |
"UDP Query User{FA69BEB4-17B4-4109-93D1-5BA64BD7ECBC}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0128D231-B23B-409C-A531-39D8D8774BA1}" = HP 3D DriveGuard
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7A33B9B4-0C40-53B4-CCA0-D469A83DE142}" = ccc-utility64
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CCB6C5-DD11-F614-5955-FACAFA2C80F7}" = CCC Help Turkish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0372849C-A9C1-A7BF-7180-9DB15334D778}" = Catalyst Control Center
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BB68729-BD8E-76E0-A357-9685790987F1}" = Catalyst Control Center Profiles Mobile
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{115BAB0B-AB04-E481-76F5-82D90C3049A6}" = CCC Help Danish
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19F2D706-4834-2DD2-D12E-C10E75A57C81}" = CCC Help French
"{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1CB8B169-534E-6F89-CDF9-0B812FBACF9A}" = CCC Help Hungarian
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{2184D9EA-4E5B-43FD-914E-4563CF028C94}" = MetalGearSolid2 Substance
"{228CDD95-4069-8D94-7584-82BDE9A68B63}" = CCC Help Japanese
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28CA24E3-D323-3900-9519-4FFE9984EC53}" = CCC Help Polish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C2E3DF0-5E32-48DA-AE35-2CC79E934AFA}" = SilentInstall
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{49799BCA-8E53-63CD-D2D4-BAC6AB782DEE}" = Catalyst Control Center Graphics Previews Common
"{49FD3CE5-1839-7EEA-D7D3-17A23826B859}" = CCC Help Greek
"{49FE4B97-0E1E-F9EC-2123-4DFA80064694}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55B013D5-14E7-C0B1-CE42-9C567AAEE3C9}" = CCC Help Dutch
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59772D11-9D88-4020-838C-6F4864D0DE8A}" = Many Faces of Go 12
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel(R) Wireless Display
"{5E2C8F1A-AC86-FBCD-B3E4-EBF9E747BC4D}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{81EDA038-2320-B7E2-4D78-E12C2D55CE75}" = CCC Help German
"{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}" = HP Documentation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89A6150B-0CE8-AA44-F24B-FD8DCC058ACC}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B619E05-80B3-20A1-5C1C-FDCDEC394344}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8EFC331E-07A7-B196-7EA7-549A0CFE07CB}" = CCC Help Swedish
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A155B015-7FBB-41C1-8277-D88623310F2A}" = Unlimited Data Manager 9.1.0
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7F248B5-B784-E149-124F-ABE878BC725F}" = CCC Help Portuguese
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ADBCAA59-C242-4B31-FF51-354159417118}" = CCC Help Thai
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEF3AB2B-0B52-E47E-CA66-55E11D41EA04}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C118B9C6-BCE5-629D-F9CF-F61BCAD285D9}" = CCC Help Spanish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C51EF224-3786-5566-3B32-251BDEC5C8E7}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D814C606-0199-4A7D-D517-79DC2B3EB7F0}" = CCC Help Russian
"{DA05AADA-6407-9E45-7843-45F7393F7A15}" = CCC Help Italian
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6041920-6D08-2466-E672-A15B040B5004}" = CCC Help English
"{E8EE10CF-31E4-CA63-BD94-B0157BBB2444}" = CCC Help Chinese Traditional
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDD14387-FE5E-48A3-6B2B-E61DD88FC69E}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow
"{F8070C51-4B1D-430C-8BCF-19696368366F}" = HP Software Framework
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALchemy" = Creative ALchemy Universal
"Dethkarz" = Dethkarz
"EasyBits Magic Desktop" = Magic Desktop
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"Opera 12.00.1467" = Opera 12.00
"RGSS-RTP Standard_is1" = RGSS-RTP Standard
"SilentInstall" = SilentInstall
"uTorrent" = µTorrent
"VMware_Player" = VMware Player
"WhiteSmoke" = WhiteSmoke
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/13/2012 1:34:13 AM | Computer Name = Nicole-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 2/13/2012 1:34:13 AM | Computer Name = Nicole-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 2/13/2012 1:34:13 AM | Computer Name = Nicole-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 2/13/2012 10:03:47 AM | Computer Name = Nicole-HP | Source = WinMgmt | ID = 10
Description =
Error - 2/13/2012 10:44:34 AM | Computer Name = Nicole-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 2/13/2012 10:44:34 AM | Computer Name = Nicole-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 2/13/2012 10:44:34 AM | Computer Name = Nicole-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 2/13/2012 5:30:53 PM | Computer Name = Nicole-HP | Source = WinMgmt | ID = 10
Description =
Error - 2/13/2012 5:49:31 PM | Computer Name = Nicole-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 2/13/2012 8:04:19 PM | Computer Name = Nicole-HP | Source = WinMgmt | ID = 10
Description =
[ HP Connection Manager Events ]
Error - 7/20/2012 8:08:06 AM | Computer Name = Nicole-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/20 14:08:06.382|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 7/20/2012 8:08:08 AM | Computer Name = Nicole-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/20 14:08:08.254|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 7/20/2012 8:08:14 AM | Computer Name = Nicole-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/20 14:08:14.837|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 7/20/2012 8:08:21 AM | Computer Name = Nicole-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/20 14:08:21.213|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 7/20/2012 8:08:22 AM | Computer Name = Nicole-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/20 14:08:22.726|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 7/20/2012 8:11:43 AM | Computer Name = Nicole-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/20 14:11:43.490|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 7/20/2012 8:11:43 AM | Computer Name = Nicole-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/20 14:11:43.739|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 7/20/2012 8:11:45 AM | Computer Name = Nicole-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/20 14:11:45.174|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 7/20/2012 8:11:49 AM | Computer Name = Nicole-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/20 14:11:49.542|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 7/20/2012 8:11:50 AM | Computer Name = Nicole-HP | Source = hpCMSrv | ID = 5
Description = 2012/07/20 14:11:50.917|000011E0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
[ System Events ]
Error - 7/3/2012 5:32:58 AM | Computer Name = Nicole-HP | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom1.
Error - 7/3/2012 5:32:58 AM | Computer Name = Nicole-HP | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom3.
Error - 7/3/2012 5:32:58 AM | Computer Name = Nicole-HP | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom4.
Error - 7/3/2012 6:27:23 PM | Computer Name = Nicole-HP | Source = DCOM | ID = 10010
Description =
Error - 7/10/2012 12:38:25 PM | Computer Name = Nicole-HP | Source = DCOM | ID = 10010
Description =
Error - 7/12/2012 6:13:23 AM | Computer Name = Nicole-HP | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom2.
Error - 7/19/2012 6:51:37 PM | Computer Name = Nicole-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.161.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 7/19/2012 7:45:52 PM | Computer Name = Nicole-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.161.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 7/19/2012 8:39:58 PM | Computer Name = Nicole-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.161.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 7/20/2012 8:08:33 AM | Computer Name = Nicole-HP | Source = DCOM | ID = 10010
Description =
< End of report >
Also, I ran MBAM again, and although it was updated, it did not finde Whitesmoke, nor anything else.
Hi,
uTorrent <--Heads up on this or any form or file sharing, your downloading that file from an unknown source and malware writers are in tune to this and not all but some of those files can be infected, its like playing Russian Roulette malwarewise, I would never allow any form of file sharing on any of my systems, I suggest you uninstall it.
Whitesmoke <-- it looks like it can be uninstalled via Programs and Features in the Control Panel, but I kind of doubt this will work but give it a shot.
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
:Services
:Reg
:Files
C:\Program Files (x86)\WhiteSmoke
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
BlackPanther1
2012-07-20, 18:18
Here is the log from the fix:
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\WhiteSmoke\WCaptureMoz\plugins folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\WCaptureMoz\components folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\WCaptureMoz\chrome\content folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\WCaptureMoz\chrome folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\WCaptureMoz folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\userGuide\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\userGuide\images folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\userGuide\css folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\userGuide folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\style folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\objects\p7tm folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\objects folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\img\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\images folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Well Wishes folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Thank You folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students\University Correspondence folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students\Resumes folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students\Personal Correspondence folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students\Careers folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students\Admissions Essays folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Students folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Personal Matters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Literary\Resumes folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Literary\Promotions folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Literary\Legal folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Literary\Advertising folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Literary folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Resumes folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Letters of Recommendation folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters\Job Search Cover Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Resumes and Cover Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Personnel Office folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Resignation Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Thank You Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Job Acceptance folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees\Employment Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Hiring Employees folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination\Dismissal and Rejection folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Hiring and Termination folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Employment Requests folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Employee Reference Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources\Employee Manual folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Human Resources folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Greetings\Graduation folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Greetings\Christmas folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Greetings folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Finance folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Family folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Cover Letters folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Condolences folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Community Work folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General\Apologies folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates\General folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\templates folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings\css folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\settings folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\registration\style folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\registration\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\registration\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\registration\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\registration folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\style folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\js\NonPackedVersion folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\screens folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\review-section folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\grammar folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\captionbar folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\gui folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto\style folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto\js\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton_howto folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\floatingButton folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\style folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\msdropdown folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\img\Buttons folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\img\Background folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\img folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\icons folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\common\js folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\common\iepngfix folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english\common folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html\english folder moved successfully.
C:\Program Files (x86)\WhiteSmoke\html folder moved successfully.
C:\Program Files (x86)\WhiteSmoke folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 37728814 bytes
->Temporary Internet Files folder emptied: 19086075 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6168840 bytes
->Opera cache emptied: 554239 bytes
->Flash cache emptied: 2612 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Nicole
->Temp folder emptied: 73861397 bytes
->Temporary Internet Files folder emptied: 393558463 bytes
->Java cache emptied: 63865799 bytes
->FireFox cache emptied: 451482389 bytes
->Opera cache emptied: 22461058 bytes
->Flash cache emptied: 18850 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2824794 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 12635662 bytes
Total Files Cleaned = 1,034.00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07202012_175217
Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3120.log moved successfully.
PendingFileRenameOperations files...
File C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3120.log not found!
Registry entries deleted on Reboot...
And here the new OTL scan log:
OTL logfile created on: 7/20/2012 6:06:31 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
5.95 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 68.41% Memory free
11.90 Gb Paging File | 9.74 Gb Available in Paging File | 81.90% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.87 Gb Total Space | 563.22 Gb Free Space | 82.36% Space Free | Partition Type: NTFS
Drive D: | 14.47 Gb Total Space | 1.61 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
Drive F: | 3.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 2.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 589.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 297.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: NICOLE-HP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\LSCAGui.exe (Swisscom)
PRC - C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe (Swisscom)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ()
MOD - C:\Program Files (x86)\VMware\VMware Player\zlib1.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_thread-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_serialization-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_regex-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_filesystem-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_date_time-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\boost_system-vc80-mt-1_39.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\ImageFormats\qgif4.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\QtGui4.dll ()
MOD - C:\Program Files (x86)\Swisscom\Unlimited Data Manager\QtCore4.dll ()
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UDM Service) -- C:\Program Files (x86)\Swisscom\Unlimited Data Manager\DashBoardS.exe (Swisscom)
SRV - (SesamService) -- C:\Program Files (x86)\Swisscom\Sesam\BIN\SecMIPService.exe (Swisscom)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WtSmpFlt) -- C:\Windows\SysNative\drivers\wtsmpflt.sys (Swisscom)
DRV:64bit: - (wtsmpadap) -- C:\Windows\SysNative\drivers\wtsmpadap.sys (Swisscom)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{3565E2D5-87FD-42ED-AA1D-87006E11CAC2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{3565E2D5-87FD-42ED-AA1D-87006E11CAC2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{3565E2D5-87FD-42ED-AA1D-87006E11CAC2}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/14 23:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files (x86)\Swisscom\Unlimited Data Manager\FireFox_Remote\ [2012/06/14 09:23:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/22 02:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/14 23:03:47 | 000,000,000 | ---D | M]
[2011/08/13 04:54:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: Website Logon = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
O1 HOSTS File: ([2012/07/20 17:52:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dashboard] File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UDM] C:\Program Files (x86)\Swisscom\Unlimited Data Manager\LscaGui.exe (Swisscom)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-622088572-2977392544-4208331882-1001..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-622088572-2977392544-4208331882-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B56DF82-DE53-4104-A653-BFCDAAE4C929}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/07 03:16:03 | 000,003,262 | R--- | M] () - F:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2006/04/17 23:58:14 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007/01/24 02:04:01 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2003/06/18 04:30:06 | 000,000,137 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1998/07/13 21:24:56 | 000,225,792 | R--- | M] () - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [1998/01/05 22:01:50 | 000,004,710 | R--- | M] () - I:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [1998/01/16 18:40:48 | 000,000,051 | R--- | M] () - I:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{86ceb408-b5f2-11e1-8b8b-d5b697ae2082}\Shell - "" = AutoRun
O33 - MountPoints2\{86ceb408-b5f2-11e1-8b8b-d5b697ae2082}\Shell\AutoRun\command - "" = H:\Start.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/20 17:52:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/20 16:55:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/20 14:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/20 14:14:54 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2012/07/20 12:55:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/07/19 04:36:27 | 000,000,000 | ---D | C] -- C:\Systemrestore
[2012/07/19 04:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/07/19 04:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/07/19 04:33:50 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Admin\Desktop\erunt-setup.exe
[2012/07/18 21:32:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.scr
[2012/07/18 19:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/18 19:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/18 19:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/18 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/18 19:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/18 18:57:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HiJackThis204.exe
[2012/07/18 18:56:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Admin\Desktop\spybotsd162.exe
[2012/07/18 17:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\225932FD02E269D2DF603AE7F875F002
[2012/07/11 10:27:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 10:27:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 10:27:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 10:27:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 10:27:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 10:27:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 10:27:11 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 10:27:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 10:27:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 10:27:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 10:27:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 10:27:10 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 10:27:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 10:26:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 10:26:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 10:26:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 10:26:36 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 10:26:36 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 18:13:48 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/10 18:13:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/24 22:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/06/24 22:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
========== Files - Modified Within 30 Days ==========
[2012/07/20 18:02:54 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/20 18:02:54 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/20 18:00:04 | 000,786,678 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/20 18:00:04 | 000,657,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/20 18:00:04 | 000,123,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/20 17:55:18 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012/07/20 17:55:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/20 17:55:01 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/20 17:52:21 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/20 16:55:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/20 14:14:54 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2012/07/20 12:59:38 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/07/20 12:57:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/07/19 04:34:26 | 000,000,905 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/07/19 04:33:51 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Admin\Desktop\erunt-setup.exe
[2012/07/18 22:24:07 | 000,003,520 | ---- | M] () -- C:\Users\Admin\Desktop\Attach.zip
[2012/07/18 21:32:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.scr
[2012/07/18 21:14:47 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012/07/18 19:07:36 | 000,001,258 | ---- | M] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk
[2012/07/18 19:01:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/18 19:01:09 | 000,792,524 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/18 18:58:11 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Admin\Desktop\spybotsd162.exe
[2012/07/18 18:57:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HiJackThis204.exe
[2012/07/16 17:45:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNicole.job
[2012/07/11 19:26:58 | 000,312,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 18:13:48 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/10 18:13:48 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/24 22:39:05 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk
[2012/06/23 18:10:56 | 000,000,771 | ---- | M] () -- C:\Windows\disney.ini
========== Files Created - No Company Name ==========
[2012/07/20 12:59:38 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/07/19 04:34:26 | 000,000,905 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2012/07/18 21:56:59 | 000,003,520 | ---- | C] () -- C:\Users\Admin\Desktop\Attach.zip
[2012/07/18 19:07:36 | 000,001,258 | ---- | C] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk
[2012/07/18 19:01:50 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/18 19:01:14 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/18 17:08:44 | 000,001,696 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80}\U\00000001.@
[2012/06/24 22:39:05 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Zoo Tycoon Complete Collection.lnk
[2012/06/05 16:28:57 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2012/03/23 01:14:12 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/03/23 01:13:44 | 000,000,771 | ---- | C] () -- C:\Windows\disney.ini
[2012/02/22 16:15:11 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012/02/22 16:15:11 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012/02/22 16:15:10 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012/02/22 16:15:10 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2012/01/11 15:22:35 | 000,002,048 | -HS- | C] () -- C:\Users\Nicole\AppData\Local\{17fa1868-de07-0457-3d17-6e3b055b5d80}\@
[2011/12/03 19:58:44 | 000,007,602 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011/09/16 03:26:21 | 000,792,524 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/14 22:57:11 | 000,232,393 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/08/14 22:13:16 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/07/04 08:16:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/04 08:08:11 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/07/04 08:07:05 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/04 08:07:04 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/04 08:07:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/04 08:07:03 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/04 08:02:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/08 22:54:49 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/02/23 01:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010/12/17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
< End of report >
:bigthumb:
Things running ok ?
BlackPanther1
2012-07-21, 10:25
On the user that was infected before, everything seems fine, except for one thing. I noticed an icon named White Smoke on my desktop. I did not find any entry in the Program and Features, nor in the Programs folder, however, I can double click that icon which then opens a notification icon to the right in the task bar and gives me some options on things like a dictionary. So some things of white smoke still seem to remain on that user.
The administrator account is fine though; there, everything disappeared and the White Smoke icon does not open anything anymore, except for a windows error message.
BlackPanther1
2012-07-21, 10:31
I'm sorry, I just noticed that the administrator account has the same problem. The icon is there, and the icon in the task bar pops up as soon as I double click it. I think that there was an error in the program and features though, since I checked those after the fix, and the program was still there, but windows could not do anything with it since the program's folder was deleted, so that was the error message I remembered. Sorry for the confusion.
So on both accounts there is the icon of White Smoke, opening a notification icon in the task bar, where you could choose several options.
Lets take a deeper look
You need to download and run the 64bit version
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
whitesmoke
:folderfind
whitesmoke
:Regfind
whitesmoke
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
BlackPanther1
2012-07-21, 12:25
Here would be the log from that scan:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:23 on 21/07/2012 by Admin
Administrator - Elevation successful
========== filefind ==========
Searching for "whitesmoke"
No files found.
========== folderfind ==========
Searching for "whitesmoke"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [22:34 20/05/2012]
C:\Users\Admin\AppData\Roaming\WhiteSmoke d------ [22:35 20/05/2012]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WhiteSmoke d------ [22:34 20/05/2012]
C:\Users\Nicole\AppData\Roaming\WhiteSmoke d------ [22:37 20/05/2012]
C:\_OTL\MovedFiles\07202012_175217\C_Program Files (x86)\WhiteSmoke d------ [22:34 20/05/2012]
========== Regfind ==========
Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ToolboxBitmap32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
"LocalizedString"="@C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"Dir"="C:\Program Files (x86)\WhiteSmoke\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"ProductName"="WhiteSmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
"WebsiteUrl"="www.WhiteSmoke.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"PostURL"="http://grammar.whitesmoke.com/client_v2/post.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"WebTemplateWelcome"="http://grammar.whitesmoke.com/client_v2/templates/template_welcome.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"Support"="http://grammar.whitesmoke.com/client_V2/index.html?state=2&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=SupportButton&utm_campaign=SupportButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"UpgradeProfile"="https://buy.whitesmoke.com/?d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=BuyButton&utm_campaign=BuyButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"DictURL"="http://grammar.whitesmoke.com/client_v2/lib/action.post.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"DictLanding"="http://grammar.whitesmoke.com/client_v2/dict/promotion.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"DictExpired"="http://grammar.whitesmoke.com/client_v2/dict/expired.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"WebClient"="http://grammar.whitesmoke.com/client_v2/welcome/welcome_screen1.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"Demo"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"Purchase"="http://www.whitesmoke.com/buy.php?id_client=7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"RegistrationForm"="http://whitesmoke.com/registersoft/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"UseIt"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=2&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=GuideButton&utm_campaign=GuideButton&first_time=yes&"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"UserGuide"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=2&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=GuideButton&utm_campaign=GuideButton&"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"WelcomeURL"="http://grammar.whitesmoke.com/client_v2/welcome/welcome_screen.php"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\SoftwareUrls]
"FAQ"="http://grammar.whitesmoke.com/client_v2/help/index.html?state=3&d=11&a=8&r=0&utm_source=WhiteSmokeSoftware&utm_medium=Client&utm_content=FaqButton&utm_campaign=FaqButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{03E0DF2F-5DD6-4E6D-8DD8-FDACE6DDED11}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}\ToolboxBitmap32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}]
"LocalizedString"="@C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll,-100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{537E23DF-DF2A-46AC-AC4A-F1E40E0CDC02}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{78F44EB2-0CDF-4b37-B211-B34F20C69788}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F33928A1-8849-48DE-BECB-829D7727AAF2}\InProcServer32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\secman.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\osmax.ocx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{97FD9656-07A9-4EEA-911C-16E1375BDBB4}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\WSEngine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F}\1.0\0\win32]
@="C:\Program Files (x86)\WhiteSmoke\ComVistaElevator.dll"
[HKEY_USERS\S-1-5-21-622088572-2977392544-4208331882-1001\Software\WhiteSmoke]
-= EOF =-
Make sure you do this first
Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location.Note: to restore your registry, go to the backup folder and start ERDNT.exe
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:processes
killallprocesses
:OTL
:Services
:Reg
[-HKEY_CURRENT_USER\Software\WhiteSmoke]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
:Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke
C:\Users\Admin\AppData\Roaming\WhiteSmoke
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WhiteSmoke
C:\Users\Nicole\AppData\Roaming\WhiteSmoke
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
BlackPanther1
2012-07-21, 13:03
I did run ERUNT and created a system restore point.
Here is the log that was created after the fix:
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\WhiteSmoke\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ deleted successfully.
========== FILES ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhiteSmoke folder moved successfully.
C:\Users\Admin\AppData\Roaming\WhiteSmoke folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WhiteSmoke not found.
C:\Users\Nicole\AppData\Roaming\WhiteSmoke folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 22669 bytes
->Temporary Internet Files folder emptied: 226193 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 996 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Nicole
->Temp folder emptied: 6844 bytes
->Temporary Internet Files folder emptied: 166620 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 2019996 bytes
->Flash cache emptied: 725 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42366 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 588727 bytes
Total Files Cleaned = 3.00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07212012_125909
Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2320.log moved successfully.
PendingFileRenameOperations files...
File C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2320.log not found!
Registry entries deleted on Reboot...
Great, if the whitesmoke icon is still on your desktop just drag it to the trash.
All ok ?
BlackPanther1
2012-07-21, 14:00
Yes, now everything seems to be gone.
I will post on this forum again if anything would come up.
Thank you very much! I appreciate your help.
Your very welcome, I will close this thread tomorrow, after its closed if you want it reopened you can send me or an administrator a PM, or just start a new topic.
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.