Computer seems a bit sluggish!

Post by Max Power » November 3rd, 2011, 8:57 pm

Hi, I downloaded Hotspot Shield because I wanted an IP blocker. I thought the program was legit and it seemed to work. However, after I uninstalled it, the computer seems slower and the browser has gone to some redirect sites. Here's the DDS log.
Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Aaron at 18:42:55 on 2011-11-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3069.1441 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Users\Aaron\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hotmail.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Google Update] "c:\users\aaron\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [WMAAD] c:\program files\sony\walkman launcher\WMAAD.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... 0ItSkhGTkg"&"inst=NzctNjE1NjI0NjIxLVhMKzEtVDQtRlA5Mis2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TVUQrMS1TMUkrMS1TVTMrMS1ERFQrMA"&"prod=90"&"ver=10.0.1388
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 172.16.1.254
TCP: Interfaces\{A01F0C2C-E885-494B-B943-7CD117F39A72} : DhcpNameServer = 172.16.1.254
TCP: Interfaces\{C0986AE4-FA3C-43E3-BB1B-BC100599DCB8} : DhcpNameServer = 10.97.96.1
TCP: Interfaces\{C753167B-20AC-48AB-BAE5-C5DE50E31C32} : DhcpNameServer = 172.16.1.254
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl6de2a5a5;MpKsl6de2a5a5;c:\programdata\microsoft\microsoft antimalware\definition updates\{9bd3e674-781f-4dea-b94c-579b1d5b5db5}\MpKsl6de2a5a5.sys [2011-11-3 28752]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-5-15 73728]
R2 CDMA Device Service;CDMA Device Service;c:\program files\samsung\usb drivers\26_via_driver2\x86\VIAService.exe [2011-9-16 63488]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-8-2 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-19 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-27 22216]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-9-16 77624]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-9-16 20032]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-15 30192]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2008-10-29 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2008-10-29 67760]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-9-16 181432]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2011-8-2 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2011-8-2 19968]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-5-15 209408]
.
=============== Created Last 30 ================
.
2011-11-04 00:34:13 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9bd3e674-781f-4dea-b94c-579b1d5b5db5}\MpKsl6de2a5a5.sys
2011-11-04 00:33:54 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9bd3e674-781f-4dea-b94c-579b1d5b5db5}\offreg.dll
2011-11-04 00:33:49 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9bd3e674-781f-4dea-b94c-579b1d5b5db5}\mpengine.dll
2011-10-11 23:18:11 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 23:18:11 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-11 23:18:11 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-11 23:18:11 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-11 23:18:04 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-11 23:18:04 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-11 23:18:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 23:18:04 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 23:18:01 2043392 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-10-12 08:13:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:43:39.33 ===============
Max Power
Member+
 
Posts: 27
Joined: June 11th, 2011, 1:32 pm
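A small triage parser for the line formats in these logs, added here as an example; it is not a MalwareRemoval.com, DDS or OTL tool, and the flagging rules in it (autostarts whose binary lives in a temp folder, public DHCP resolvers, OTL service/driver entries with no company name, anything listed in AppInit_DLLs) are my own assumptions about what a log reader looks at first, not rules from this thread. The sample lines are copied from the DDS log above and from the OTL DRV/SRV lines further down the thread, so the output can be compared with the originals by eye.

```python
"""Triage helper for DDS / OTL style log lines.

Added example, not a tool from the forum, DDS or OTL. The flagging rules
below are assumptions about what a log reader looks at first, not findings
from this thread.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines in the shapes DDS ("Pseudo HJT Report") and OTL
# (SafeList sections) print, copied from the logs posted in this thread.
SAMPLE_LOG = r"""
uRun: [Google Update] "c:\users\aaron\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TCP: DhcpNameServer = 172.16.1.254
TCP: Interfaces\{C0986AE4-FA3C-43E3-BB1B-BC100599DCB8} : DhcpNameServer = 10.97.96.1
AppInit_DLLs: c:\progra~1\google\google~2\googledesktopnetwork3.dll c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
"""

# One regex per line shape we care about; anything else is ignored.
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?): \{(?P<clsid>[0-9a-fA-F-]{36})\} - (?P<path>.*)$")
DNS_RE = re.compile(r"DhcpNameServer = (?P<ip>\d+\.\d+\.\d+\.\d+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>\S.*)$")
# OTL: "DRV - (name) optional description -- path (company)"; company is ""
# when the binary carries no company name, which OTL itself lists separately.
OTL_RE = re.compile(r"^(?P<kind>DRV|SRV) - \((?P<svc>[^)]*)\).*? -- (?P<path>.+?) \((?P<company>.*)\)$")


@dataclass(frozen=True)
class Finding:
    category: str  # appinit | run | bho | dns | drv | srv
    detail: str
    severity: str  # "review" = look at this first, "info" = recorded only


def classify_dns(ip: str) -> str:
    """'private' for addresses ipaddress treats as private (RFC 1918 among them)."""
    return "private" if ipaddress.ip_address(ip).is_private else "public"


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := APPINIT_RE.match(line):
            # AppInit_DLLs are loaded into every process that links user32.dll,
            # so every entry is worth a look even when the vendor is familiar.
            for dll in m["dlls"].split():
                findings.append(Finding("appinit", dll, "review"))
        elif m := RUN_RE.match(line):
            # Autostarts whose binary lives in a temp folder get priority; a
            # Program Files path is not proof of anything, only less unusual.
            sev = "review" if "\\temp\\" in m["cmd"].lower() else "info"
            findings.append(Finding("run", f"{m['hive']}Run [{m['name']}] {m['cmd']}", sev))
        elif m := BHO_RE.match(line):
            findings.append(Finding("bho", f"{m['name']} -> {m['path']}", "info"))
        elif m := DNS_RE.search(line):
            # A public resolver handed out by DHCP on a home LAN is unusual and
            # is the first thing to verify when a browser starts redirecting.
            kind = classify_dns(m["ip"])
            findings.append(Finding("dns", f"{m['ip']} ({kind})", "review" if kind == "public" else "info"))
        elif m := OTL_RE.match(line):
            company = m["company"].strip()
            sev = "review" if not company else "info"
            findings.append(Finding(m["kind"].lower(), f"{m['svc']}: {m['path']} [{company or 'no company name'}]", sev))
    return findings


def needs_review(findings: list[Finding]) -> list[Finding]:
    """The subset a helper would open first."""
    return [f for f in findings if f.severity == "review"]


if __name__ == "__main__":
    for f in needs_review(triage(SAMPLE_LOG)):
        print(f"{f.category:8} {f.detail}")
```

On the sample above the "review" list is the two AppInit_DLLs entries plus the two OTL entries with an empty company field (giveio.sys and PACSPTISVR.exe); both DHCP resolvers are private addresses and stay at "info". A flagged entry only says where to look, not that something is malicious: the AppInit DLL here belongs to Google Desktop, which the log's own process list also shows.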

Re: Computer seems a bit sluggish!

Post by deltalima » November 6th, 2011, 3:24 pm

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer seems a bit sluggish!

Post by deltalima » November 6th, 2011, 3:32 pm

Hi Max Power,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that make it necessary for you to take your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator


Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Right click the .exe file and select: Run as Administrator. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer seems a bit sluggish!

Post by Max Power » November 7th, 2011, 4:26 pm

Hi, the computer is for personal use. I had to run GMER in safe mode. Not all of the options on the right can be checked in safe mode. Here are the logs:

OTL logfile created on: 07/11/2011 1:19:31 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Aaron\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.80% Memory free
6.19 Gb Paging File | 3.72 Gb Available in Paging File | 59.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 110.74 Gb Free Space | 50.27% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.48 Gb Free Space | 54.85% Space Free | Partition Type: NTFS

Computer Name: CEREBRO | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Users\Aaron\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe ()
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Fingerprint Reader Suite\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Fingerprint Reader Suite\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\91abd6bb7b617d35d7cca73b0a72a729\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\167cb8990c9f24c3c84d564f4075e2ad\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Users\Aaron\AppData\Local\temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\Samsung\Kies\Plugins\DeviceVideo\DeviceVideo.dll ()
MOD - C:\Program Files\Samsung\Kies\Plugins\DevicePodcast\DevicePodcast.dll ()
MOD - C:\Program Files\Samsung\Kies\Plugins\DevicePhoto\DevicePhoto.dll ()
MOD - C:\Program Files\Samsung\Kies\Plugins\DeviceCommonLib\DeviceCommonLib.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FileService.dll ()
MOD - C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.dll ()
MOD - C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll ()
MOD - C:\Program Files\Samsung\Kies\Plugins\StoreLib\StoreLib.dll ()
MOD - C:\Program Files\Samsung\Kies\UI\Kies.UI.dll ()
MOD - C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll ()
MOD - C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll ()
MOD - C:\Program Files\Samsung\Kies\External\System.Data.SQLite.dll ()
MOD - C:\Program Files\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll ()
MOD - C:\Program Files\Samsung\Kies\External\DeviceModules\drmcm.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll ()
MOD - C:\Program Files\Samsung\Kies\External\MediaModules\LDBCShConv.dll ()
MOD - C:\Program Files\Samsung\Kies\External\MediaModules\DNSe.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()
MOD - C:\Windows\System32\APOMngr.dll ()
MOD - C:\Windows\System32\CmdRtr.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (CDMA Device Service) -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (ICScsiSV) -- C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe (Sony Corporation)
SRV - (IcVzMonLauncher) -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe (Sony Corporation)
SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV - (MpKsl609e4a09) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19743FE9-F1F8-4632-B5A3-C007C2AAE596}\MpKsl609e4a09.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-268883476-961013613-3955795002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
IE - HKU\S-1-5-21-268883476-961013613-3955795002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-268883476-961013613-3955795002-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aaron\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/07/29 16:38:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-268883476-961013613-3955795002-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe (Sony Corporation)
O4 - HKU\S-1-5-21-268883476-961013613-3955795002-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-268883476-961013613-3955795002-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-268883476-961013613-3955795002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-268883476-961013613-3955795002-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-268883476-961013613-3955795002-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A01F0C2C-E885-494B-B943-7CD117F39A72}: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0986AE4-FA3C-43E3-BB1B-BC100599DCB8}: DhcpNameServer = 10.97.96.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C753167B-20AC-48AB-BAE5-C5DE50E31C32}: DhcpNameServer = 172.16.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 13:16:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/11/04 11:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/11/04 11:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/11/03 18:42:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr
[2011/11/01 12:03:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/01 12:03:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/01 12:03:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/16 13:09:45 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\CyberLink
[2011/10/11 17:20:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/11 17:20:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/11 17:20:37 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/11 17:20:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/11 17:20:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/11 17:18:11 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/11 17:18:11 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/11 17:18:04 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/11 17:18:04 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/11 17:18:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/11 17:18:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/11 17:18:01 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/05/26 18:21:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Aaron\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/11/07 13:16:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe
[2011/11/07 12:46:08 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-268883476-961013613-3955795002-1000UA.job
[2011/11/07 12:27:31 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 12:27:31 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/07 08:46:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-268883476-961013613-3955795002-1000Core.job
[2011/11/06 23:25:00 | 000,002,609 | ---- | M] () -- C:\Users\Aaron\Desktop\Microsoft Office Word 2003.lnk
[2011/11/04 11:34:59 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/11/04 11:34:59 | 000,001,396 | ---- | M] () -- C:\Users\Aaron\Desktop\DivX Movies.lnk
[2011/11/04 11:34:39 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/11/04 11:31:17 | 000,287,053 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/11/03 23:42:56 | 000,287,053 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/11/03 23:40:40 | 000,036,352 | ---- | M] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 20:47:56 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/03 20:47:56 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/03 18:42:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aaron\Desktop\dds.scr
[2011/11/02 18:26:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/02 18:26:44 | 3217,141,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 02:13:50 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/12 00:59:48 | 000,397,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/10 13:06:11 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/11/04 11:34:59 | 000,001,396 | ---- | C] () -- C:\Users\Aaron\Desktop\DivX Movies.lnk
[2011/11/04 11:34:39 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/11/04 11:34:19 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/08/02 21:24:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/02 21:23:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/02 21:23:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/07/25 21:33:09 | 000,000,224 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/07/25 21:33:09 | 000,000,176 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/07/25 21:33:05 | 000,000,392 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011/06/01 19:44:11 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2009/10/06 01:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/10/29 08:37:13 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2008/10/08 15:20:37 | 000,007,592 | ---- | C] () -- C:\Users\Aaron\AppData\Local\d3d9caps.dat
[2008/08/26 09:27:31 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/05/29 15:10:00 | 000,001,474 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\wklnhst.dat
[2008/05/27 11:55:01 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/05/27 07:53:06 | 000,000,100 | ---- | C] () -- C:\Windows\smrpro.INI
[2008/05/26 18:21:58 | 000,000,668 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\vso_ts_preview.xml
[2008/05/26 18:21:05 | 000,007,887 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\pcouffin.cat
[2008/05/26 18:21:05 | 000,001,144 | ---- | C] () -- C:\Users\Aaron\AppData\Roaming\pcouffin.inf
[2008/05/26 17:31:16 | 000,036,352 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/26 15:19:26 | 000,287,053 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/05/26 14:01:44 | 000,287,053 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/05/15 18:10:04 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/05/15 18:10:03 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/05/15 10:37:00 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/05/15 10:36:59 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/05/15 10:31:48 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008/05/15 10:27:43 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/05/15 10:27:43 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/05/15 10:27:43 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2007/10/12 16:20:06 | 000,151,417 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/10 07:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,397,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,600,378 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0888F409

< End of report >

OTL Extras logfile created on: 07/11/2011 1:19:31 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Aaron\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.80% Memory free
6.19 Gb Paging File | 3.72 Gb Available in Paging File | 59.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 110.74 Gb Free Space | 50.27% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.48 Gb Free Space | 54.85% Space Free | Partition Type: NTFS

Computer Name: CEREBRO | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D6E3B9-243B-45C7-99DB-F0A5B77F87F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12E75B3A-0745-4E73-AD3F-DA98D4EE5DF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1548989B-8A34-4C8A-9564-6EC8B83D5788}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1B32676C-B42C-44A4-89F0-6BA0615ED863}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{35E53ECF-086B-4131-8166-16B0C47C645A}" = rport=137 | protocol=17 | dir=out | app=system |
"{37E75CCF-D1A9-4B5F-AD77-24864DD67CB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{45C3345C-3301-4EE6-89F8-CF034F332DAB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6B5DF8EC-0EF0-4F70-BDFA-920D43C05429}" = lport=2869 | protocol=6 | dir=in | app=system |
"{79A1C865-DC9D-4E63-9302-CD2B113582DA}" = lport=137 | protocol=17 | dir=in | app=system |
"{7BC80C1E-0F9F-4A8A-A964-F9B799AD3859}" = lport=445 | protocol=6 | dir=in | app=system |
"{81A9E388-C718-497D-82C1-091E0A082A0C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9B60B296-271E-44E7-A3E5-9279772AD7AA}" = lport=138 | protocol=17 | dir=in | app=system |
"{BF7E9190-3C4A-4BA3-86C3-9D84DA0E58B1}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CB855719-4938-41D0-9435-9DDFA4D5645C}" = rport=445 | protocol=6 | dir=out | app=system |
"{D1091E7E-47DB-404B-8477-5597341115AF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E304CD2F-1034-4216-8618-87B1988300D4}" = rport=138 | protocol=17 | dir=out | app=system |
"{F223BE44-2760-4377-9166-4085F2109A5D}" = rport=139 | protocol=6 | dir=out | app=system |
"{F876DE0B-6726-407B-8015-0AA7F219425C}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036EA6F3-4990-442B-B9B2-99908DA8B75E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{084D3CE5-35C8-4FFC-995B-3764611BCA22}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08EB0D88-F782-4D7D-A167-B0BB3A4D954B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0F9B6E0F-FD38-4165-865C-C6F2B79E6A55}" = protocol=6 | dir=in | app=e:\hiw\stinstall.exe |
"{259C2F33-E326-4907-994D-EFA154E4668D}" = protocol=17 | dir=in | app=e:\hiw\stinstall.exe |
"{35630DC7-FB83-4AE3-B101-BD641C31CA2E}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{3DB853AA-B25D-4143-9DEA-F1C811A023E0}" = protocol=6 | dir=in | app=c:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"{49F9430F-B8DD-4219-AF75-C33423E07BC4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{603D6A90-4DD1-49E8-AA71-528411CC49BB}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{6E7C2DE9-7139-481E-B918-E53C445E8DD1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{707EE00D-E88F-4432-8A25-26D410984A1F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{80E53612-C5C4-485D-A200-C757A4E93F3E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{83BC00F7-034C-490D-83FA-A988458A5683}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{84A9F41E-EC12-40E5-A8AC-F3A6800E3A72}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{86852130-ABD5-4C79-9B56-1DEB1B18BEF1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8C1D112F-3CA6-4AA6-992A-008BEB2CEE11}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93AB8C43-9782-414C-BF92-24AEA116BE3E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9AC7EB6F-D4F3-4394-8EEF-86AFFD45D9A0}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{A156AEFE-1061-4C83-854B-B23DA14C85EE}" = protocol=17 | dir=in | app=e:\hiw\stinstall.exe |
"{AD14357B-3018-4964-B195-629A621C91A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B153BBE9-80E8-4FA0-B166-6938F4E849F7}" = protocol=17 | dir=in | app=c:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe |
"{B5A1058F-57E0-48BF-BD09-B0130A52D74D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{BCAD29D1-442C-427F-B694-AF14077C1A48}" = protocol=6 | dir=in | app=c:\program files\eidos\kane and lynch dead men\kaneandlynch.exe |
"{C60BB8A2-E49D-4508-B7F2-6F63966A35B8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C92CCE28-9950-4D06-A4DC-9FC2BE0C8242}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CC5CE8E6-279B-434C-B277-3CF88EEC7F05}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D6E430D5-DC05-4123-8724-86DDC9805113}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D951074E-61CA-400A-B255-12810EFBBF37}" = protocol=6 | dir=in | app=e:\hiw\stinstall.exe |
"{DECA0C7B-52EB-42B7-A07F-BA154D60D95A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E3AC86E1-875C-4DCA-9777-0A9FB1AB4730}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{EA315F5E-0A58-4D7E-9BA2-32AFFBABAED9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EC1D1B34-625D-49E6-9DD6-2981AA5B486A}" = protocol=17 | dir=in | app=c:\program files\eidos\kane and lynch dead men\kaneandlynch.exe |
"TCP Query User{401D0E7A-0695-4FFC-BB72-9762F619BDD8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{59519081-8E47-4080-A6F3-C6F743F76477}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{39617B13-98C4-49D9-87FC-B3379EE54C8B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{59F807BA-29F0-4D69-9A0A-5361CC1798CB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series" = Canon MX350 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}" = Soap 3.0 Toolkit
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{585D96E5-1A6A-410C-8F5F-F606CA1CCE1C}" = UFile 2010
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = Dynasty Warriors 6
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99B9FAF2-33FD-4DC7-9087-5BC2EE4CBB9E}" = PDF Manual NW-A800 Series
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A859FA27-05AF-4295-BF2C-A9D3A5A707EE}" = UFile Updater 2010
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C20B3C31-28CD-4732-AE45-A30F401AF91F}" = WALKMAN Launcher
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}" = Video Downloader
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE013D72-CF3D-41A8-BC09-C38070FDE2CB}" = Image Converter 3
"3 USB Modem" = 3 USB Modem
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CloneDVD2" = CloneDVD2
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Setup" = DivX Setup
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.2.5
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Sound Normalizer_is1" = Sound Normalizer 2.47
"SpeedFan" = SpeedFan (remove only)
"Super Mp3 Recorder Professional_is1" = Super Mp3 Recorder Professional v6.2
"UT2004" = Unreal Tournament 2004
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.4.551
"WinRAR archiver" = WinRAR archiver
"Write-N-Cite" = Write-N-Cite

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-268883476-961013613-3955795002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"InstallShield_{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = DYNASTY WARRIORS 6
"MyFreeCodec" = MyFreeCodec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/09/2011 5:18:06 PM | Computer Name = Cerebro | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2011 5:18:07 PM | Computer Name = Cerebro | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2011 5:18:07 PM | Computer Name = Cerebro | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2011 5:18:08 PM | Computer Name = Cerebro | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2011 5:18:08 PM | Computer Name = Cerebro | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2011 5:18:09 PM | Computer Name = Cerebro | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2011 5:18:09 PM | Computer Name = Cerebro | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 06/09/2011 5:18:09 PM | Computer Name = Cerebro | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 27/09/2011 2:16:50 PM | Computer Name = Cerebro | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "F:\MBRBackup.exe".Error
in manifest or policy file "F:\MBRBackup.exe" on line 0. Invalid Xml syntax.

Error - 12/10/2011 1:55:42 PM | Computer Name = Cerebro | Source = EventSystem | ID = 4622
Description =

[ Media Center Events ]
Error - 08/09/2009 3:27:08 PM | Computer Name = Cerebro | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 03/10/2009 5:46:41 PM | Computer Name = Cerebro | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 13/12/2009 6:51:10 PM | Computer Name = Cerebro | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 30/01/2010 9:45:47 PM | Computer Name = Cerebro | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 15/04/2010 11:30:33 PM | Computer Name = Cerebro | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 25/04/2010 3:40:25 AM | Computer Name = Cerebro | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 25/04/2010 4:44:16 AM | Computer Name = Cerebro | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 25/04/2010 5:54:53 AM | Computer Name = Cerebro | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 02/11/2011 8:22:45 PM | Computer Name = Cerebro | Source = Print | ID = 6161
Description = The document PSYCHIATRY%20PHASE%20C%20ASSESSMENT%20FORM_06Oct2011.pdf,
owned by Aaron, failed to print on printer Canon MP640 series Printer. Try to print
the document again, or restart the print spooler. Data type: NT EMF 1.008. Size
of the spool file in bytes: 842928. Number of bytes printed: 0. Total number of
pages in the document: 2. Number of pages printed: 0. Client computer: \\CEREBRO.
Win32 error code returned by the print processor: 170. The requested resource is
in use.

Error - 02/11/2011 8:23:25 PM | Computer Name = Cerebro | Source = Print | ID = 6161
Description = The document PSYCHIATRY%20PHASE%20C%20ASSESSMENT%20FORM_06Oct2011.pdf,
owned by Aaron, failed to print on printer Canon MP640 series Printer. Try to print
the document again, or restart the print spooler. Data type: NT EMF 1.008. Size
of the spool file in bytes: 633840. Number of bytes printed: 0. Total number of
pages in the document: 2. Number of pages printed: 0. Client computer: \\CEREBRO.
Win32 error code returned by the print processor: 170. The requested resource is
in use.

Error - 02/11/2011 8:27:27 PM | Computer Name = Cerebro | Source = Service Control Manager | ID = 7000
Description =

Error - 02/11/2011 8:27:27 PM | Computer Name = Cerebro | Source = Service Control Manager | ID = 7000
Description =

Error - 02/11/2011 8:27:27 PM | Computer Name = Cerebro | Source = Service Control Manager | ID = 7000
Description =

Error - 02/11/2011 8:27:27 PM | Computer Name = Cerebro | Source = Service Control Manager | ID = 7000
Description =

Error - 02/11/2011 8:27:29 PM | Computer Name = Cerebro | Source = Service Control Manager | ID = 7000
Description =

Error - 02/11/2011 8:27:30 PM | Computer Name = Cerebro | Source = Service Control Manager | ID = 7000
Description =

Error - 02/11/2011 8:27:55 PM | Computer Name = Cerebro | Source = DCOM | ID = 10016
Description =

Error - 02/11/2011 8:28:07 PM | Computer Name = Cerebro | Source = DCOM | ID = 10016
Description =


< End of report >
Max Power
Member+
 
Posts: 27
Joined: June 11th, 2011, 1:32 pm

Re: Computer seems a bit sluggish!

Unread postby deltalima » November 7th, 2011, 4:52 pm

I had to run GMER in safe mode.


Did GMER produce a log? If so then please post it.

Please let me know what Citrix Presentation Server Client is used for.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer seems a bit sluggish!

Unread postby Max Power » November 7th, 2011, 5:25 pm

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-07 15:13:00
Windows 6.0.6002 Service Pack 2
Running: yzqxt9t8.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl 28600 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl 0 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl 64 bytes
File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl 64 bytes

---- EOF - GMER 1.0.15 ----

The Citrix program was to log in to work at my old job. I don't need that on the computer now.
Max Power
Member+
 
Posts: 27
Joined: June 11th, 2011, 1:32 pm

Re: Computer seems a bit sluggish!

Unread postby deltalima » November 7th, 2011, 5:26 pm

Hi Max Power,

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file was saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer seems a bit sluggish!

Unread postby Max Power » November 7th, 2011, 6:57 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\aaron\music\itunes\itunes music\cracker\unknown album\02 shake some action.m4a
c:\users\aaron\music\itunes\itunes music\cracker\unknown album\88 untitled.m4a
c:\users\aaron\music\itunes\itunes music\cracker\unknown album\eurotrash girl.m4a
c:\users\aaron\music\itunes\itunes music\cracker\unknown album\happy birthday to me.m4a
c:\users\aaron\music\itunes\itunes music\cracker\unknown album\i hate my generation.m4a
c:\users\aaron\music\itunes\itunes music\cracker\unknown album\i want everything.m4a
c:\users\aaron\music\itunes\itunes music\cracker\unknown album\teen angst.m4a
c:\users\aaron\music\itunes\itunes music\revco\unknown album\crackin up.m4a
scanner sequence 3.DD.11.LQLBWA
----- EOF -----
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {CD956763-78A8-42FD-BA0E-45DB80A92016}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.110617-0336
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CD956763-78A8-42FD-BA0E-45DB80A92016}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-268883476-961013613-3955795002</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>XPS M1530 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A08</Version><SMBIOSVersion major="2" minor="4"/><Date>20080319000000.000000+000</Date></BIOS><HWID>B3313507018400FA</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Canada Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>86D917FC1F81500</Val><Hash>cPHlnVJpXknsDw1NmgUILMAsbog=</Hash><Pid>73931-640-4339835-57976</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-4105-6000.0000-1432008
Installation ID: 002301432053231083700285102645800691668064316661131916
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OgAAAAEABgABAAEAAQABAAAAAwABAAEAeqiKuDy+EnlOapp6HrMyD0aDRi8m2/L07hECsogRrFYqhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M08
FACP DELL M08
HPET DELL M08
BOOT DELL M08
MCFG DELL M08
SLIC DELL M08
OSFR DELL M08
SSDT PmRef CpuPm
Max Power
Member+
 
Posts: 27
Joined: June 11th, 2011, 1:32 pm

Re: Computer seems a bit sluggish!

Unread postby deltalima » November 8th, 2011, 3:41 am

Hi Max Power,

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Right click the TDSSKiller icon on your desktop and select: Run as Administrator then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer seems a bit sluggish!

Unread postby Max Power » November 9th, 2011, 3:33 am

01:29:01.0889 0828 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
01:29:02.0170 0828 ============================================================
01:29:02.0170 0828 Current date / time: 2011/11/09 01:29:02.0170
01:29:02.0170 0828 SystemInfo:
01:29:02.0170 0828
01:29:02.0170 0828 OS Version: 6.0.6002 ServicePack: 2.0
01:29:02.0170 0828 Product type: Workstation
01:29:02.0170 0828 ComputerName: CEREBRO
01:29:02.0170 0828 UserName: Aaron
01:29:02.0170 0828 Windows directory: C:\Windows
01:29:02.0170 0828 System windows directory: C:\Windows
01:29:02.0170 0828 Processor architecture: Intel x86
01:29:02.0171 0828 Number of processors: 2
01:29:02.0171 0828 Page size: 0x1000
01:29:02.0171 0828 Boot type: Normal boot
01:29:02.0171 0828 ============================================================
01:29:02.0805 0828 Initialize success
01:29:30.0048 5548 ============================================================
01:29:30.0048 5548 Scan started
01:29:30.0048 5548 Mode: Manual;
01:29:30.0048 5548 ============================================================
01:29:30.0320 5548 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
01:29:30.0324 5548 ACPI - ok
01:29:30.0438 5548 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
01:29:30.0446 5548 adp94xx - ok
01:29:30.0480 5548 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
01:29:30.0486 5548 adpahci - ok
01:29:30.0511 5548 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
01:29:30.0513 5548 adpu160m - ok
01:29:30.0536 5548 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
01:29:30.0540 5548 adpu320 - ok
01:29:30.0637 5548 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
01:29:30.0639 5548 AFD - ok
01:29:30.0696 5548 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
01:29:30.0697 5548 agp440 - ok
01:29:30.0716 5548 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
01:29:30.0718 5548 aic78xx - ok
01:29:30.0754 5548 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
01:29:30.0755 5548 aliide - ok
01:29:30.0800 5548 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
01:29:30.0801 5548 amdagp - ok
01:29:30.0821 5548 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
01:29:30.0822 5548 amdide - ok
01:29:30.0849 5548 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
01:29:30.0851 5548 AmdK7 - ok
01:29:30.0877 5548 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
01:29:30.0879 5548 AmdK8 - ok
01:29:30.0947 5548 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
01:29:30.0948 5548 ApfiltrService - ok
01:29:31.0039 5548 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
01:29:31.0041 5548 arc - ok
01:29:31.0079 5548 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
01:29:31.0081 5548 arcsas - ok
01:29:31.0136 5548 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
01:29:31.0137 5548 AsyncMac - ok
01:29:31.0171 5548 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
01:29:31.0172 5548 atapi - ok
01:29:31.0213 5548 BCM42RLY - ok
01:29:31.0287 5548 BCM43XX (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
01:29:31.0294 5548 BCM43XX - ok
01:29:31.0387 5548 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
01:29:31.0387 5548 Beep - ok
01:29:31.0426 5548 blbdrive - ok
01:29:31.0477 5548 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
01:29:31.0478 5548 bowser - ok
01:29:31.0523 5548 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
01:29:31.0524 5548 BrFiltLo - ok
01:29:31.0551 5548 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
01:29:31.0552 5548 BrFiltUp - ok
01:29:31.0583 5548 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
01:29:31.0586 5548 Brserid - ok
01:29:31.0614 5548 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
01:29:31.0615 5548 BrSerWdm - ok
01:29:31.0646 5548 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
01:29:31.0647 5548 BrUsbMdm - ok
01:29:31.0686 5548 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
01:29:31.0687 5548 BrUsbSer - ok
01:29:31.0721 5548 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
01:29:31.0722 5548 BTHMODEM - ok
01:29:31.0815 5548 catchme - ok
01:29:31.0872 5548 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
01:29:31.0873 5548 cdfs - ok
01:29:31.0934 5548 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
01:29:31.0935 5548 cdrom - ok
01:29:31.0976 5548 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
01:29:31.0977 5548 circlass - ok
01:29:32.0013 5548 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
01:29:32.0017 5548 CLFS - ok
01:29:32.0080 5548 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
01:29:32.0080 5548 CmBatt - ok
01:29:32.0111 5548 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
01:29:32.0112 5548 cmdide - ok
01:29:32.0173 5548 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
01:29:32.0174 5548 Compbatt - ok
01:29:32.0191 5548 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
01:29:32.0192 5548 crcdisk - ok
01:29:32.0263 5548 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
01:29:32.0265 5548 Crusoe - ok
01:29:32.0318 5548 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
01:29:32.0320 5548 DfsC - ok
01:29:32.0419 5548 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
01:29:32.0420 5548 dgderdrv - ok
01:29:32.0466 5548 dg_ssudbus (c9f9cafafbffaf7e380efc353ccc940c) C:\Windows\system32\DRIVERS\ssudbus.sys
01:29:32.0468 5548 dg_ssudbus - ok
01:29:32.0527 5548 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
01:29:32.0527 5548 disk - ok
01:29:32.0619 5548 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
01:29:32.0620 5548 drmkaud - ok
01:29:32.0670 5548 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
01:29:32.0675 5548 DXGKrnl - ok
01:29:32.0737 5548 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
01:29:32.0741 5548 e1express - ok
01:29:32.0767 5548 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
01:29:32.0768 5548 E1G60 - ok
01:29:32.0828 5548 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
01:29:32.0829 5548 Ecache - ok
01:29:32.0892 5548 ElbyCDIO (37c3a9fef349d13685ec9c2acaaeafce) C:\Windows\system32\Drivers\ElbyCDIO.sys
01:29:32.0903 5548 ElbyCDIO - ok
01:29:32.0940 5548 ElbyDelay (8d35affbeed58fd66e9fad223de33718) C:\Windows\system32\Drivers\ElbyDelay.sys
01:29:32.0947 5548 ElbyDelay - ok
01:29:33.0012 5548 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
01:29:33.0018 5548 elxstor - ok
01:29:33.0090 5548 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
01:29:33.0093 5548 exfat - ok
01:29:33.0133 5548 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
01:29:33.0135 5548 fastfat - ok
01:29:33.0167 5548 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
01:29:33.0168 5548 fdc - ok
01:29:33.0229 5548 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
01:29:33.0230 5548 FileInfo - ok
01:29:33.0253 5548 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
01:29:33.0255 5548 Filetrace - ok
01:29:33.0293 5548 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
01:29:33.0294 5548 flpydisk - ok
01:29:33.0346 5548 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
01:29:33.0350 5548 FltMgr - ok
01:29:33.0429 5548 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
01:29:33.0429 5548 Fs_Rec - ok
01:29:33.0458 5548 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
01:29:33.0460 5548 gagp30kx - ok
01:29:33.0503 5548 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
01:29:33.0503 5548 GEARAspiWDM - ok
01:29:33.0544 5548 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
01:29:33.0546 5548 giveio - ok
01:29:33.0616 5548 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
01:29:33.0621 5548 HdAudAddService - ok
01:29:33.0669 5548 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:29:33.0680 5548 HDAudBus - ok
01:29:33.0737 5548 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
01:29:33.0739 5548 HidBth - ok
01:29:33.0785 5548 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
01:29:33.0786 5548 HidIr - ok
01:29:33.0839 5548 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
01:29:33.0840 5548 HidUsb - ok
01:29:33.0872 5548 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
01:29:33.0873 5548 HpCISSs - ok
01:29:33.0957 5548 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
01:29:33.0960 5548 HTTP - ok
01:29:34.0006 5548 hwdatacard (63b3eff36272787619c1e773ed581693) C:\Windows\system32\DRIVERS\ewusbmdm.sys
01:29:34.0008 5548 hwdatacard - ok
01:29:34.0039 5548 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
01:29:34.0040 5548 i2omp - ok
01:29:34.0117 5548 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
01:29:34.0119 5548 i8042prt - ok
01:29:34.0180 5548 iaNvStor (92b37e0a61cd710a0c66dc3567a8bf3c) C:\Windows\system32\drivers\ianvstor.sys
01:29:34.0185 5548 iaNvStor - ok
01:29:34.0230 5548 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
01:29:34.0232 5548 iaStor - ok
01:29:34.0280 5548 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
01:29:34.0284 5548 iaStorV - ok
01:29:34.0350 5548 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
01:29:34.0351 5548 iirsp - ok
01:29:34.0397 5548 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
01:29:34.0398 5548 intelide - ok
01:29:34.0465 5548 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
01:29:34.0466 5548 intelppm - ok
01:29:34.0521 5548 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:29:34.0521 5548 IpFilterDriver - ok
01:29:34.0538 5548 IpInIp - ok
01:29:34.0570 5548 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
01:29:34.0572 5548 IPMIDRV - ok
01:29:34.0595 5548 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
01:29:34.0596 5548 IPNAT - ok
01:29:34.0623 5548 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
01:29:34.0624 5548 IRENUM - ok
01:29:34.0648 5548 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
01:29:34.0649 5548 isapnp - ok
01:29:34.0693 5548 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
01:29:34.0694 5548 iScsiPrt - ok
01:29:34.0714 5548 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
01:29:34.0716 5548 iteatapi - ok
01:29:34.0738 5548 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
01:29:34.0740 5548 iteraid - ok
01:29:34.0795 5548 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
01:29:34.0796 5548 kbdclass - ok
01:29:34.0823 5548 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
01:29:34.0824 5548 kbdhid - ok
01:29:34.0893 5548 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
01:29:34.0896 5548 KSecDD - ok
01:29:34.0965 5548 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
01:29:34.0965 5548 lltdio - ok
01:29:35.0000 5548 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
01:29:35.0002 5548 LSI_FC - ok
01:29:35.0026 5548 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
01:29:35.0027 5548 LSI_SAS - ok
01:29:35.0051 5548 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
01:29:35.0054 5548 LSI_SCSI - ok
01:29:35.0097 5548 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
01:29:35.0099 5548 luafv - ok
01:29:35.0146 5548 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
01:29:35.0147 5548 MBAMProtector - ok
01:29:35.0212 5548 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
01:29:35.0250 5548 megasas - ok
01:29:35.0297 5548 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
01:29:35.0299 5548 Modem - ok
01:29:35.0361 5548 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
01:29:35.0362 5548 monitor - ok
01:29:35.0418 5548 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
01:29:35.0419 5548 mouclass - ok
01:29:35.0441 5548 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
01:29:35.0442 5548 mouhid - ok
01:29:35.0483 5548 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
01:29:35.0485 5548 MountMgr - ok
01:29:35.0529 5548 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
01:29:35.0530 5548 MpFilter - ok
01:29:35.0568 5548 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
01:29:35.0571 5548 mpio - ok
01:29:35.0631 5548 MpKsl99267255 - ok
01:29:35.0725 5548 MpKslc75412bc (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E361CE86-98FD-4299-8BDD-E248F7933B98}\MpKslc75412bc.sys
01:29:35.0725 5548 MpKslc75412bc - ok
01:29:35.0840 5548 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
01:29:35.0840 5548 MpNWMon - ok
01:29:35.0900 5548 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
01:29:35.0901 5548 mpsdrv - ok
01:29:35.0956 5548 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
01:29:35.0957 5548 Mraid35x - ok
01:29:36.0005 5548 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
01:29:36.0007 5548 MRxDAV - ok
01:29:36.0055 5548 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:29:36.0057 5548 mrxsmb - ok
01:29:36.0118 5548 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:29:36.0120 5548 mrxsmb10 - ok
01:29:36.0134 5548 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:29:36.0135 5548 mrxsmb20 - ok
01:29:36.0168 5548 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
01:29:36.0170 5548 msahci - ok
01:29:36.0205 5548 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
01:29:36.0207 5548 msdsm - ok
01:29:36.0274 5548 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
01:29:36.0275 5548 Msfs - ok
01:29:36.0340 5548 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
01:29:36.0340 5548 msisadrv - ok
01:29:36.0400 5548 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
01:29:36.0401 5548 MSKSSRV - ok
01:29:36.0476 5548 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
01:29:36.0477 5548 MSPCLOCK - ok
01:29:36.0539 5548 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
01:29:36.0540 5548 MSPQM - ok
01:29:36.0589 5548 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
01:29:36.0590 5548 MsRPC - ok
01:29:36.0621 5548 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
01:29:36.0622 5548 mssmbios - ok
01:29:36.0644 5548 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
01:29:36.0645 5548 MSTEE - ok
01:29:36.0682 5548 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
01:29:36.0683 5548 Mup - ok
01:29:36.0746 5548 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
01:29:36.0750 5548 NativeWifiP - ok
01:29:36.0789 5548 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
01:29:36.0799 5548 NDIS - ok
01:29:36.0853 5548 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
01:29:36.0854 5548 NdisTapi - ok
01:29:36.0874 5548 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
01:29:36.0875 5548 Ndisuio - ok
01:29:36.0910 5548 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
01:29:36.0913 5548 NdisWan - ok
01:29:36.0932 5548 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
01:29:36.0933 5548 NDProxy - ok
01:29:36.0961 5548 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
01:29:36.0962 5548 NetBIOS - ok
01:29:36.0992 5548 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
01:29:36.0995 5548 netbt - ok
01:29:37.0041 5548 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
01:29:37.0042 5548 nfrd960 - ok
01:29:37.0073 5548 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
01:29:37.0075 5548 Npfs - ok
01:29:37.0102 5548 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
01:29:37.0103 5548 nsiproxy - ok
01:29:37.0170 5548 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
01:29:37.0200 5548 Ntfs - ok
01:29:37.0253 5548 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
01:29:37.0254 5548 ntrigdigi - ok
01:29:37.0314 5548 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
01:29:37.0316 5548 Null - ok
01:29:37.0592 5548 nvlddmkm (26e48523accb361bd81cd64b14424b18) C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:29:37.0797 5548 nvlddmkm - ok
01:29:37.0827 5548 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
01:29:37.0828 5548 nvraid - ok
01:29:37.0855 5548 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
01:29:37.0857 5548 nvstor - ok
01:29:37.0880 5548 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
01:29:37.0882 5548 nv_agp - ok
01:29:37.0895 5548 NwlnkFlt - ok
01:29:37.0910 5548 NwlnkFwd - ok
01:29:37.0961 5548 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
01:29:37.0966 5548 OEM02Dev - ok
01:29:37.0993 5548 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
01:29:37.0993 5548 OEM02Vfx - ok
01:29:38.0043 5548 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
01:29:38.0045 5548 ohci1394 - ok
01:29:38.0125 5548 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
01:29:38.0128 5548 Parport - ok
01:29:38.0183 5548 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
01:29:38.0183 5548 partmgr - ok
01:29:38.0240 5548 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
01:29:38.0241 5548 Parvdm - ok
01:29:38.0287 5548 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
01:29:38.0288 5548 pci - ok
01:29:38.0314 5548 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
01:29:38.0315 5548 pciide - ok
01:29:38.0343 5548 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
01:29:38.0346 5548 pcmcia - ok
01:29:38.0383 5548 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
01:29:38.0384 5548 pcouffin - ok
01:29:38.0424 5548 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
01:29:38.0445 5548 PEAUTH - ok
01:29:38.0514 5548 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
01:29:38.0515 5548 PptpMiniport - ok
01:29:38.0544 5548 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
01:29:38.0546 5548 Processor - ok
01:29:38.0625 5548 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
01:29:38.0627 5548 PSched - ok
01:29:38.0676 5548 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
01:29:38.0677 5548 PxHelp20 - ok
01:29:38.0765 5548 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
01:29:38.0785 5548 ql2300 - ok
01:29:38.0819 5548 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
01:29:38.0822 5548 ql40xx - ok
01:29:38.0872 5548 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
01:29:38.0873 5548 QWAVEdrv - ok
01:29:38.0977 5548 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
01:29:39.0042 5548 R300 - ok
01:29:39.0091 5548 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
01:29:39.0092 5548 RasAcd - ok
01:29:39.0137 5548 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:29:39.0140 5548 Rasl2tp - ok
01:29:39.0193 5548 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
01:29:39.0194 5548 RasPppoe - ok
01:29:39.0210 5548 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
01:29:39.0212 5548 RasSstp - ok
01:29:39.0271 5548 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
01:29:39.0276 5548 rdbss - ok
01:29:39.0321 5548 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:29:39.0322 5548 RDPCDD - ok
01:29:39.0376 5548 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
01:29:39.0381 5548 rdpdr - ok
01:29:39.0395 5548 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
01:29:39.0396 5548 RDPENCDD - ok
01:29:39.0464 5548 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
01:29:39.0468 5548 RDPWD - ok
01:29:39.0513 5548 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
01:29:39.0515 5548 rimmptsk - ok
01:29:39.0546 5548 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
01:29:39.0548 5548 rimsptsk - ok
01:29:39.0563 5548 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
01:29:39.0564 5548 rismxdp - ok
01:29:39.0620 5548 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
01:29:39.0622 5548 rspndr - ok
01:29:39.0667 5548 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
01:29:39.0670 5548 sbp2port - ok
01:29:39.0730 5548 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
01:29:39.0732 5548 sdbus - ok
01:29:39.0754 5548 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:29:39.0756 5548 secdrv - ok
01:29:39.0786 5548 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
01:29:39.0788 5548 Serenum - ok
01:29:39.0814 5548 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
01:29:39.0817 5548 Serial - ok
01:29:39.0871 5548 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
01:29:39.0872 5548 sermouse - ok
01:29:39.0945 5548 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
01:29:39.0946 5548 sffdisk - ok
01:29:39.0972 5548 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
01:29:39.0973 5548 sffp_mmc - ok
01:29:40.0009 5548 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
01:29:40.0010 5548 sffp_sd - ok
01:29:40.0032 5548 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
01:29:40.0033 5548 sfloppy - ok
01:29:40.0069 5548 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
01:29:40.0071 5548 sisagp - ok
01:29:40.0105 5548 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
01:29:40.0107 5548 SiSRaid2 - ok
01:29:40.0141 5548 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
01:29:40.0144 5548 SiSRaid4 - ok
01:29:40.0196 5548 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
01:29:40.0199 5548 Smb - ok
01:29:40.0253 5548 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
01:29:40.0257 5548 speedfan - ok
01:29:40.0293 5548 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
01:29:40.0294 5548 spldr - ok
01:29:40.0362 5548 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
01:29:40.0364 5548 srv - ok
01:29:40.0401 5548 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
01:29:40.0404 5548 srv2 - ok
01:29:40.0433 5548 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
01:29:40.0435 5548 srvnet - ok
01:29:40.0504 5548 ssudmdm (91970cc4a3a30a01c1573184a62f5143) C:\Windows\system32\DRIVERS\ssudmdm.sys
01:29:40.0508 5548 ssudmdm - ok
01:29:40.0573 5548 STHDA (951801dfb54d86f611f0af47825476f9) C:\Windows\system32\drivers\sthda.sys
01:29:40.0581 5548 STHDA - ok
01:29:40.0647 5548 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
01:29:40.0647 5548 swenum - ok
01:29:40.0679 5548 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
01:29:40.0681 5548 Symc8xx - ok
01:29:40.0715 5548 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
01:29:40.0716 5548 Sym_hi - ok
01:29:40.0749 5548 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
01:29:40.0750 5548 Sym_u3 - ok
01:29:40.0811 5548 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
01:29:40.0813 5548 taphss - ok
01:29:40.0891 5548 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
01:29:40.0910 5548 Tcpip - ok
01:29:40.0939 5548 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
01:29:40.0945 5548 Tcpip6 - ok
01:29:40.0976 5548 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
01:29:40.0977 5548 tcpipreg - ok
01:29:41.0024 5548 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
01:29:41.0026 5548 TcUsb - ok
01:29:41.0088 5548 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
01:29:41.0089 5548 TDPIPE - ok
01:29:41.0122 5548 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
01:29:41.0124 5548 TDTCP - ok
01:29:41.0172 5548 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
01:29:41.0174 5548 tdx - ok
01:29:41.0231 5548 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
01:29:41.0233 5548 TermDD - ok
01:29:41.0315 5548 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:29:41.0316 5548 tssecsrv - ok
01:29:41.0367 5548 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
01:29:41.0368 5548 tunmp - ok
01:29:41.0384 5548 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
01:29:41.0385 5548 tunnel - ok
01:29:41.0448 5548 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
01:29:41.0450 5548 uagp35 - ok
01:29:41.0499 5548 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
01:29:41.0504 5548 udfs - ok
01:29:41.0566 5548 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
01:29:41.0568 5548 uliagpkx - ok
01:29:41.0607 5548 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
01:29:41.0612 5548 uliahci - ok
01:29:41.0670 5548 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
01:29:41.0673 5548 UlSata - ok
01:29:41.0733 5548 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
01:29:41.0736 5548 ulsata2 - ok
01:29:41.0784 5548 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
01:29:41.0786 5548 umbus - ok
01:29:41.0833 5548 usbbus (0678c457f49f20666ab16edda4d1391d) C:\Windows\system32\DRIVERS\lgusbbus.sys
01:29:41.0844 5548 usbbus - ok
01:29:41.0911 5548 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
01:29:41.0913 5548 usbccgp - ok
01:29:41.0961 5548 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
01:29:41.0964 5548 usbcir - ok
01:29:41.0987 5548 UsbDiag (bc8b39fc8782a954af119bfbe8a77414) C:\Windows\system32\DRIVERS\lgusbdiag.sys
01:29:42.0004 5548 UsbDiag - ok
01:29:42.0090 5548 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
01:29:42.0091 5548 usbehci - ok
01:29:42.0120 5548 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
01:29:42.0125 5548 usbhub - ok
01:29:42.0172 5548 USBModem (290914c187c25b42e1c64d7cfad8b2fc) C:\Windows\system32\DRIVERS\lgusbmodem.sys
01:29:42.0192 5548 USBModem - ok
01:29:42.0236 5548 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
01:29:42.0238 5548 usbohci - ok
01:29:42.0274 5548 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
01:29:42.0275 5548 usbprint - ok
01:29:42.0309 5548 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:29:42.0311 5548 USBSTOR - ok
01:29:42.0347 5548 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
01:29:42.0348 5548 usbuhci - ok
01:29:42.0387 5548 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
01:29:42.0388 5548 vga - ok
01:29:42.0449 5548 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
01:29:42.0450 5548 VgaSave - ok
01:29:42.0485 5548 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
01:29:42.0487 5548 viaagp - ok
01:29:42.0528 5548 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
01:29:42.0530 5548 ViaC7 - ok
01:29:42.0562 5548 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
01:29:42.0564 5548 viaide - ok
01:29:42.0615 5548 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
01:29:42.0617 5548 volmgr - ok
01:29:42.0676 5548 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
01:29:42.0682 5548 volmgrx - ok
01:29:42.0726 5548 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
01:29:42.0730 5548 volsnap - ok
01:29:42.0769 5548 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
01:29:42.0772 5548 vsmraid - ok
01:29:42.0822 5548 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
01:29:42.0823 5548 WacomPen - ok
01:29:42.0881 5548 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:29:42.0883 5548 Wanarp - ok
01:29:42.0898 5548 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
01:29:42.0899 5548 Wanarpv6 - ok
01:29:42.0931 5548 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
01:29:42.0932 5548 Wd - ok
01:29:42.0994 5548 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
01:29:43.0003 5548 Wdf01000 - ok
01:29:43.0102 5548 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
01:29:43.0104 5548 WinUSB - ok
01:29:43.0165 5548 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
01:29:43.0166 5548 WmiAcpi - ok
01:29:43.0232 5548 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
01:29:43.0234 5548 WpdUsb - ok
01:29:43.0290 5548 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
01:29:43.0292 5548 ws2ifsl - ok
01:29:43.0359 5548 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
01:29:43.0361 5548 WSDPrintDevice - ok
01:29:43.0418 5548 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
01:29:43.0420 5548 WSDScan - ok
01:29:43.0486 5548 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:29:43.0488 5548 WUDFRd - ok
01:29:43.0525 5548 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
01:29:43.0527 5548 xusb21 - ok
01:29:43.0583 5548 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
01:29:43.0586 5548 yukonwlh - ok
01:29:43.0609 5548 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:29:43.0623 5548 \Device\Harddisk0\DR0 - ok
01:29:43.0637 5548 Boot (0x1200) (54e2499fd70bd582329718c11efde7a3) \Device\Harddisk0\DR0\Partition0
01:29:43.0639 5548 \Device\Harddisk0\DR0\Partition0 - ok
01:29:43.0643 5548 Boot (0x1200) (acfa081e4ba20b591c7be8063cde8083) \Device\Harddisk0\DR0\Partition1
01:29:43.0644 5548 \Device\Harddisk0\DR0\Partition1 - ok
01:29:43.0645 5548 ============================================================
01:29:43.0645 5548 Scan finished
01:29:43.0645 5548 ============================================================
01:29:43.0659 0520 Detected object count: 0
01:29:43.0659 0520 Actual detected object count: 0
01:30:19.0316 3588 Deinitialize success
Max Power
Member+
 
Posts: 27
Joined: June 11th, 2011, 1:32 pm
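The driver-scan portion of the TDSSKiller log above has a regular shape: a line with the timestamp, process id, service name, MD5 and file path, followed by a status line for the same name, and a hash of the MBR and boot sectors at the end. As an added example (not code from this thread or from Kaspersky), the following Python parses lines of that shape and lists the entries a helper would look at twice: services with no driver file hashed, files hashed from outside the System32\drivers directory, and anything not reported as ok. The sample input is constructed from lines copied out of the log; the names DRIVER_DIR, parse_tdsskiller and triage are the example's own.

```python
import re

# Added example, not code from the thread or from Kaspersky: a triage pass over
# TDSSKiller driver-scan log lines of the shape shown in the post above.
# The sample below is constructed from lines copied out of that log.
SAMPLE_LOG = r"""
01:29:35.0529 5548 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
01:29:35.0530 5548 MpFilter - ok
01:29:35.0631 5548 MpKsl99267255 - ok
01:29:35.0725 5548 MpKslc75412bc (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E361CE86-98FD-4299-8BDD-E248F7933B98}\MpKslc75412bc.sys
01:29:35.0725 5548 MpKslc75412bc - ok
01:29:40.0253 5548 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
01:29:40.0257 5548 speedfan - ok
01:29:40.0811 5548 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
01:29:40.0813 5548 taphss - ok
01:29:43.0609 5548 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:29:43.0623 5548 \Device\Harddisk0\DR0 - ok
"""

# "<time> <pid> <name> (<md5>) <path>"; the name may carry a size tag such as "MBR (0x1B8)".
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# "<time> <pid> <name> - <status>"
STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$"
)

# Where Vista keeps its kernel-mode drivers; anything hashed from elsewhere gets a second look.
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse_tdsskiller(text):
    """Map each scanned service/object name to its md5, file path and scan status."""
    records = {}

    def rec(name):
        return records.setdefault(name, {"md5": None, "path": None, "status": None})

    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            r = rec(m["name"])
            r["md5"], r["path"] = m["md5"].lower(), m["path"]
            continue
        m = STATUS_RE.match(line.strip())
        if m:
            rec(m["name"])["status"] = m["status"]

    # Disk objects get their status under the device name ("\Device\Harddisk0\DR0 - ok"),
    # not under the "MBR (0x1B8)" entry that carries the hash; fold the status across.
    for name in [n for n in records if n.lower().startswith("\\device\\")]:
        for other in records.values():
            if other["path"] == name:
                other["status"] = records[name]["status"]
        del records[name]
    return records


def triage(records):
    """Return (name, reason) pairs worth a human look, in log order.

    These are review items, not verdicts: on this machine MpKsl* under ProgramData is
    Microsoft Security Essentials' definition-update driver and speedfan.sys is SpeedFan.
    """
    findings = []
    for name, r in records.items():
        if r["status"] is not None and r["status"].lower() != "ok":
            findings.append((name, "scan status is not ok: " + r["status"]))
        if r["path"] is None:
            findings.append((name, "service registered but no driver file was hashed"))
        elif r["path"].lower().startswith("\\device\\"):
            pass  # MBR / boot-sector hash: compare against a known-good value, not a path
        elif not r["path"].lower().startswith(DRIVER_DIR):
            findings.append((name, "driver loaded from outside %s: %s" % (DRIVER_DIR, r["path"])))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller(SAMPLE_LOG)):
        print("%-16s %s" % (name, reason))
```

On the sample it flags MpKsl99267255 (a service entry with no file, the usual leftover of a Security Essentials definition update), MpKslc75412bc (loaded from ProgramData) and speedfan.sys (in System32 rather than System32\drivers). All three have benign explanations here, which is consistent with the scan's "Detected object count: 0"; the value of the pass is that it turns a 1,800-line log into three lines to verify by hand.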

Re: Computer seems a bit sluggish!

Post by deltalima » November 9th, 2011, 6:43 am

Hi Max Power,

Please download aswMBR and save it to your Desktop.

  • Right-click aswMBR.exe and select "Run as administrator" to run it.
  • Click the Scan button.
  • After a short while, when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
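The MBR.dat file that aswMBR writes is a 512-byte copy of sector 0, and the TDSSKiller log earlier in the thread reports a hash labelled "MBR (0x1B8)". The following is an added example, not code from this thread or from either tool's vendor: it parses a constructed 512-byte MBR (a stand-in for MBR.dat, with a made-up disk signature and geometry), checks the 0x55AA signature, lists the partition entries, and compares only the boot-code region against the backup. It assumes the 0x1B8 label means the hash covers the first 0x1B8 (440) bytes, the code that sits before the disk signature; the function names are the example's own.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 0x1B8   # 0x000..0x1B7 boot code; 0x1B8 disk signature; 0x1BE partition table
PART_TABLE = 0x1BE
SIGNATURE = b"\x55\xAA"


def build_sample_mbr():
    """Constructed stand-in for an MBR.dat backup (not the poster's real one).

    Boot code is a few plausible opcodes padded with NOPs; the single partition is
    a bootable NTFS volume at LBA 2048 with made-up geometry.
    """
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB])  # xor ax,ax / mov ss,ax / mov sp,7C00h / sti
    code += b"\x90" * (BOOTCODE_LEN - len(code))
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    # status, CHS start (ignored), type, CHS end (ignored), LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 488392704)
    table = entry + b"\x00" * (16 * 3)
    mbr = code + disk_sig + table + SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(mbr):
    """Validate the sector and pull out what aswMBR/TDSSKiller report: the disk
    signature, the non-empty partition entries, and an MD5 of the boot code alone."""
    if len(mbr) != SECTOR:
        raise ValueError("expected a %d-byte sector, got %d" % (SECTOR, len(mbr)))
    if mbr[-2:] != SIGNATURE:
        raise ValueError("0x55AA boot signature missing; not a valid MBR")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"slot": i, "bootable": status == 0x80,
                           "type": ptype, "start_lba": lba, "sectors": count})
    return {
        "disk_signature": struct.unpack_from("<I", mbr, BOOTCODE_LEN)[0],
        "partitions": partitions,
        "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
    }


def bootcode_unchanged(current, baseline):
    """True when the boot code matches the backup. The disk signature and partition
    table are judged separately: legitimate tools rewrite those (a repartition, a
    disk-signature collision fix) while a bootkit typically changes only the code."""
    return parse_mbr(current)["bootcode_md5"] == parse_mbr(baseline)["bootcode_md5"]


def simulate_bootkit(mbr):
    """Overwrite the first bytes of boot code with a jump and leave the partition
    table intact, so the machine still boots; the shape of change a bootkit makes."""
    patched = bytearray(mbr)
    patched[0:3] = b"\xE9\x00\x01"   # jmp rel16 (constructed, not real malware)
    return bytes(patched)


if __name__ == "__main__":
    baseline = build_sample_mbr()   # with a real backup: open("MBR.dat", "rb").read()
    info = parse_mbr(baseline)
    print("disk signature 0x%08X, boot code md5 %s" % (info["disk_signature"], info["bootcode_md5"]))
    for p in info["partitions"]:
        print("  slot %d type 0x%02X start %d sectors %d bootable=%s"
              % (p["slot"], p["type"], p["start_lba"], p["sectors"], p["bootable"]))
    print("tampered copy matches backup:", bootcode_unchanged(simulate_bootkit(baseline), baseline))
```

To check a real disk, read the current sector 0 and the MBR.dat backup kept on external media, as the post advises, and pass both to bootcode_unchanged. A changed boot code with an unchanged partition table is the pattern to escalate; aswMBR's "Windows VISTA default MBR code" line in the next post is a comparison of that same region against known-good code.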

Re: Computer seems a bit sluggish!

Post by Max Power » November 11th, 2011, 6:47 pm

Eset scan:
C:\Users\Aaron\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101015175207197.rsc multiple threats

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-11 11:06:49
-----------------------------
11:06:49.917 OS Version: Windows 6.0.6002 Service Pack 2
11:06:49.917 Number of processors: 2 586 0xF0D
11:06:49.918 ComputerName: CEREBRO UserName: Aaron
11:07:18.412 Initialize success
11:09:28.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:09:28.919 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
11:09:28.941 Disk 0 MBR read successfully
11:09:28.944 Disk 0 MBR scan
11:09:28.946 Disk 0 Windows VISTA default MBR code
11:09:28.951 Disk 0 scanning sectors +488394752
11:09:29.032 Disk 0 scanning C:\Windows\system32\drivers
11:09:37.070 Service scanning
11:09:37.714 Service MpKsl7a0fe992 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A27DC846-BD54-420A-938B-BCF14FAF5207}\MpKsl7a0fe992.sys **LOCKED** 32
11:09:37.719 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
11:09:38.364 Modules scanning
11:09:44.722 Disk 0 trace - called modules:
11:09:44.749 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
11:09:44.753 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863114b0]
11:09:45.086 3 CLASSPNP.SYS[8a7af8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85318030]
11:09:45.090 Scan finished successfully
11:14:16.204 Disk 0 MBR has been saved successfully to "C:\Users\Aaron\Desktop\MBR.dat"
11:14:16.210 The log file has been saved successfully to "C:\Users\Aaron\Desktop\aswMBR.txt"
Max Power
Member+
 
Posts: 27
Joined: June 11th, 2011, 1:32 pm

Re: Computer seems a bit sluggish!

Post by deltalima » November 11th, 2011, 7:08 pm

Hi Max Power,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Users\Aaron\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101015175207197.rsc

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.


Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    :otl
    @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:66633281
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0888F409
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Now run a quick scan with Malwarebytes and post the log in your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Computer seems a bit sluggish!

Post by Max Power » November 14th, 2011, 1:05 pm

Hi, The computer seems like it's back to normal. I couldn't get VirusTotal to work. I waited a couple of hours. Not sure if it needs longer. Here is the OTL log. I'll send the Malwarebytes log and try VirusTotal again.

All processes killed
========== PROCESSES ==========
========== OTL ==========
ADS C:\ProgramData\TEMP:66633281 deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:0888F409 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Aaron
->Temp folder emptied: 14428110 bytes
->Temporary Internet Files folder emptied: 677439115 bytes
->Java cache emptied: 4594972 bytes
->Flash cache emptied: 23677 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11269056 bytes
RecycleBin emptied: 31354743 bytes

Total Files Cleaned = 705.00 mb


[EMPTYFLASH]

User: Aaron
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Aaron
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11142011_105232

Files\Folders moved on Reboot...
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GQNOZ00W\virustotal_com[1].htm moved successfully.
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AZ5WN3J1\search[1].htm moved successfully.
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AZ5WN3J1\search[2].htm moved successfully.
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5DNN3BAG\search[1].htm moved successfully.
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5DNN3BAG\search[2].htm moved successfully.
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3H3CHRR9\search[1].htm moved successfully.
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3H3CHRR9\search[2].htm moved successfully.
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3H3CHRR9\search[4].htm moved successfully.
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
Max Power
Member+
 
Posts: 27
Joined: June 11th, 2011, 1:32 pm

Re: Computer seems a bit sluggish!

Post by deltalima » November 14th, 2011, 2:23 pm

OK, please post logs when ready.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK