SpyWare BeWare! ASAP
Author Topic: Adobe Flash Player virus  (Read 1474 times)
javaman225
Date Registered: March 04, 2013, 10:07:32 AM
Posts: 5


« on: March 04, 2013, 10:42:08 AM »

I have the pictured pop-up every couple of minutes, no matter what website I am on. I have already performed a fresh install of the flash player.
I have attached the dds and attach files for your review. Hope you can help me. Thank you.
melboy
Date Registered: April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #1 on: March 04, 2013, 12:10:27 PM »

Hi and welcome to the SWBW forums.

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

IMPORTANT: Please take time to read this topic where the Forum Guidelines are explained.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================


Multiple Anti Virus programs.

You are operating multiple Anti Virus programs on your computer:

AVG Anti-Virus Free Edition 2013
Microsoft Security Essentials


It is NOT safe to have more than one anti-virus installed on a system; doing so not only does not provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes! You MUST remove all but one anti-virus program.

Go to start > control panel > Programs > programs and features and uninstall one of either:

  • AVG Anti-Virus Free Edition 2013
  • Microsoft Security Essentials


Uninstall Programs

  • Go to start > control panel > Programs > programs and features.
  • Right click on each instance of:
      Java(TM) 6 Update 31
      Java(TM) 7 Update 1 (64-bit)
      YTD Toolbar v6.9
  • Click Uninstall & then follow the prompts to remove them.


OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
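
Added example (not part of the original thread, and not OldTimer's or the helper's own code): a small Python parser for the PRC/MOD/SRV/DRV entry lines of an OTL.txt log, grouping entries that merit a manual look by folder. The field layout is inferred from the log lines posted in this thread; the sample lines are constructed, and the two review heuristics (blank company name, temp or per-user app-data path) are assumptions that prompt a review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Layout inferred from the entry lines in this thread's log:
#   TAG[:64bit:] - [date time | size | attrs | M] (Company) [state] -- path -- (name)
# The [state] and (name) parts appear only on SRV/DRV lines.
ENTRY_RE = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)?\s+-\s+"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|]*) \| \w\]\s+"
    r"\((?P<company>.*?)\)\s+"            # may be empty, may contain "(R)"
    r"(?:\[(?P<state>[^\]]*)\]\s+)?"
    r"--\s+(?P<path>.+?)"                 # may contain "(x86)"
    r"(?:\s+--\s+\((?P<name>[^()]*)\))?\s*$"
)

# Assumed heuristic, not OTL's own logic: folders where long-lived
# vendor software is not normally installed.
TRANSIENT_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                  "\\appdata\\roaming\\")


@dataclass
class Entry:
    tag: str
    is_64bit: bool
    modified: datetime
    size: int
    company: str
    state: str
    path: str
    name: str


def parse_otl(text):
    """Return an Entry for every PRC/MOD/SRV/DRV line; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, system summary
        entries.append(Entry(
            tag=m["tag"],
            is_64bit=m["x64"] is not None,
            modified=datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            company=m["company"].strip(),
            state=m["state"] or "",
            path=m["path"],
            name=m["name"] or "",
        ))
    return entries


def review_reasons(entry):
    """List the reasons (possibly none) an entry deserves a manual look."""
    reasons = []
    if not entry.company:
        reasons.append("no company name")
    if any(d in entry.path.lower() for d in TRANSIENT_DIRS):
        reasons.append("temp or per-user app-data path")
    return reasons


def summarize(entries):
    """Group entries with review reasons by folder, most reasons first."""
    groups = defaultdict(
        lambda: {"count": 0, "latest": datetime.min, "reasons": set()})
    for e in entries:
        reasons = review_reasons(e)
        if not reasons:
            continue
        g = groups[ntpath.dirname(e.path)]
        g["count"] += 1
        g["latest"] = max(g["latest"], e.modified)
        g["reasons"].update(reasons)
    rows = [{"folder": f, "count": g["count"], "latest": g["latest"],
             "reasons": sorted(g["reasons"])} for f, g in groups.items()]
    rows.sort(key=lambda r: (len(r["reasons"]), r["latest"]), reverse=True)
    return rows


# Constructed sample in the same layout; user, vendor and folder names are made up.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2013/03/04 12:24:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EXAMPLE\Desktop\OTL.exe
PRC - [2012/10/23 17:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Example Vendor\HelperService.exe
MOD - [2013/03/04 10:46:33 | 000,096,256 | ---- | M] () -- C:\Users\EXAMPLE\AppData\Local\Temp\_MEI00000\win32api.pyd
MOD - [2013/03/04 10:46:32 | 000,040,448 | ---- | M] () -- C:\Users\EXAMPLE\AppData\Local\Temp\_MEI00000\_socket.pyd
SRV:64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
DRV:64bit: - [2011/10/15 00:43:17 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
"""

if __name__ == "__main__":
    for row in summarize(parse_otl(SAMPLE_LOG)):
        print(f'{row["count"]:>3}  {row["latest"]}  {row["folder"]}  '
              f'[{"; ".join(row["reasons"])}]')
```

Grouping by folder collapses a run of modules unpacked into one temp directory into a single row, so the reviewer sees one folder to identify rather than dozens of near-identical lines.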

javaman225
« Reply #2 on: March 04, 2013, 12:38:04 PM »

Thank you for your help. I am posting the contents of the 2 scans.

OTL.txt

OTL logfile created on: 3/4/2013 12:28:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TJ ARANILLA X220\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.70% Memory free
4.35 Gb Paging File | 2.36 Gb Available in Paging File | 54.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 138.11 Gb Total Space | 2.02 Gb Free Space | 1.46% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 0.60 Gb Free Space | 6.14% Space Free | Partition Type: NTFS
 
Computer Name: TJARANILLAX220 | User Name: TJ ARANILLA X220 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/04 12:24:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TJ ARANILLA X220\Desktop\OTL.exe
PRC - [2013/02/15 08:08:48 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/24 03:06:40 | 011,184,480 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
PRC - [2013/01/16 07:14:28 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/10/23 17:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/23 17:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/04/14 15:24:26 | 000,410,984 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011/04/14 15:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011/04/14 15:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011/04/14 15:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011/04/13 07:58:14 | 002,179,704 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
PRC - [2011/04/13 07:58:14 | 000,084,088 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/04/04 20:22:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/04/04 20:22:10 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/04/04 20:21:56 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/03/23 13:48:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/03/14 22:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2011/03/02 17:07:36 | 000,443,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
PRC - [2011/02/28 11:35:26 | 000,281,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/01/16 22:58:42 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/12 22:26:20 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 00:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/09/04 01:44:18 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe
PRC - [2009/06/19 14:42:00 | 000,505,128 | ---- | M] () -- C:\Program Files (x86)\Linksys Wireless-G Print Server\PSDiagnosticM.exe
PRC - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
PRC - [2007/08/24 14:52:42 | 000,240,112 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
PRC - [2007/08/24 14:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
PRC - [2007/08/24 14:52:02 | 000,018,928 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
PRC - [2007/08/14 02:44:38 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
PRC - [2000/09/13 09:51:58 | 000,192,512 | ---- | M] (The Webshots Corporation) -- C:\Program Files (x86)\Webshots\WebshotsTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/04 10:46:33 | 001,024,616 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\windows._cacheinvalidation.pyd
MOD - [2013/03/04 10:46:33 | 000,792,576 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\wx._gdi_.pyd
MOD - [2013/03/04 10:46:33 | 000,571,392 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\pysqlite2._sqlite.pyd
MOD - [2013/03/04 10:46:33 | 000,263,168 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32com.shell.shell.pyd
MOD - [2013/03/04 10:46:33 | 000,153,088 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\pyexpat.pyd
MOD - [2013/03/04 10:46:33 | 000,096,256 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32api.pyd
MOD - [2013/03/04 10:46:33 | 000,086,016 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\_elementtree.pyd
MOD - [2013/03/04 10:46:33 | 000,070,656 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\wx._html2.pyd
MOD - [2013/03/04 10:46:33 | 000,040,448 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\_socket.pyd
MOD - [2013/03/04 10:46:33 | 000,023,040 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32ts.pyd
MOD - [2013/03/04 10:46:33 | 000,011,776 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32crypt.pyd
MOD - [2013/03/04 10:46:32 | 001,169,408 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\wx._core_.pyd
MOD - [2013/03/04 10:46:32 | 001,056,256 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\wx._controls_.pyd
MOD - [2013/03/04 10:46:32 | 000,807,424 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\wx._windows_.pyd
MOD - [2013/03/04 10:46:32 | 000,731,136 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\wx._misc_.pyd
MOD - [2013/03/04 10:46:32 | 000,645,120 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\_ssl.pyd
MOD - [2013/03/04 10:46:32 | 000,585,728 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\unicodedata.pyd
MOD - [2013/03/04 10:46:32 | 000,354,304 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\pythoncom26.dll
MOD - [2013/03/04 10:46:32 | 000,311,808 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\_hashlib.pyd
MOD - [2013/03/04 10:46:32 | 000,121,856 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\wx._wizard.pyd
MOD - [2013/03/04 10:46:32 | 000,111,104 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32file.pyd
MOD - [2013/03/04 10:46:32 | 000,110,592 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32security.pyd
MOD - [2013/03/04 10:46:32 | 000,110,592 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\PyWinTypes26.dll
MOD - [2013/03/04 10:46:32 | 000,073,728 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\_ctypes.pyd
MOD - [2013/03/04 10:46:32 | 000,039,424 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32inet.pyd
MOD - [2013/03/04 10:46:32 | 000,036,352 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32process.pyd
MOD - [2013/03/04 10:46:32 | 000,022,528 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32pdh.pyd
MOD - [2013/03/04 10:46:32 | 000,017,920 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32profile.pyd
MOD - [2013/03/04 10:46:32 | 000,017,920 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\win32event.pyd
MOD - [2013/03/04 10:46:32 | 000,011,776 | ---- | M] () -- C:\Users\TJ ARANILLA X220\AppData\Local\Temp\_MEI18242\select.pyd
MOD - [2013/02/13 10:49:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/16 06:59:50 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/16 06:59:38 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/16 06:59:37 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll
MOD - [2013/01/16 06:59:37 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/16 06:59:24 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/16 06:59:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/16 06:59:10 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/16 06:59:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/16 06:59:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/16 06:58:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/16 06:58:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/16 06:58:54 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/23 17:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2010/11/20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/06 11:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2010/04/06 11:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
MOD - [2009/09/04 01:44:22 | 000,152,864 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\en-US\ReminderApp.resources.dll
MOD - [2009/09/04 01:44:18 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe
MOD - [2009/09/04 01:44:18 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\AddressBookCore.dll
MOD - [2009/06/19 14:42:00 | 000,505,128 | ---- | M] () -- C:\Program Files (x86)\Linksys Wireless-G Print Server\PSDiagnosticM.exe
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2008/09/25 16:35:56 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Linksys Wireless-G Print Server\scUsb.dll
MOD - [2008/09/25 16:25:28 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Linksys Wireless-G Print Server\scUtil.dll
MOD - [2008/09/24 18:54:44 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Linksys Wireless-G Print Server\scComm.dll
MOD - [2007/08/24 14:53:10 | 005,462,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\roxipp52.dll
MOD - [2007/08/14 02:44:38 | 000,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/07/08 19:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2011/04/04 20:22:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/04/04 20:21:56 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/02/01 00:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/01/13 16:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/18 17:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 16:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/17 11:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/12/02 21:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/11/07 13:04:00 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/11/07 12:56:30 | 000,869,376 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/23 17:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/04/14 15:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011/04/14 15:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011/04/13 07:58:14 | 000,084,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/03/23 13:48:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/03/23 13:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/03/14 22:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2011/03/02 17:07:36 | 000,443,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe -- (SROSVC)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/06/14 10:00:48 | 000,270,848 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/08/24 14:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007/08/24 14:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007/08/24 14:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/08/24 14:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/06/30 16:26:40 | 000,038,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/06/11 11:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/06/08 16:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/06/08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011/11/08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/10/15 00:52:02 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/10/15 00:43:17 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/10/15 00:36:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/15 00:36:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/08 19:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2011/05/05 06:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/05 12:29:58 | 000,066,552 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AceecaUSBDx64.sys -- (AceecaUSBDx64)
DRV:64bit: - [2011/03/23 18:25:00 | 000,101,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011/03/23 13:48:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/03/23 13:48:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/03/10 22:10:38 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/03/10 22:10:30 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/04 20:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011/02/09 17:48:56 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/01 00:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011/01/13 16:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/01/13 16:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/21 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/20 11:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/18 02:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/18 02:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/18 02:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 02:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/18 02:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/05 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/25 21:56:24 | 000,173,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2010/10/25 21:56:18 | 000,081,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/10/25 21:56:14 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/07 00:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/07/08 09:52:32 | 000,256,512 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2010/07/08 09:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV:64bit: - [2010/07/08 09:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV:64bit: - [2010/07/08 09:52:32 | 000,217,728 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV:64bit: - [2010/07/08 09:52:32 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2010/06/27 20:39:46 | 000,017,064 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wstbtndb.sys -- (HBtnKey)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 15:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/07/10 17:43:18 | 000,037,376 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\scnuhub20.sys -- (SCNUHUB20)
DRV:64bit: - [2008/06/06 14:49:02 | 000,015,872 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\scnuhst20.sys -- (scnuhst20)
DRV:64bit: - [2007/07/26 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/08/18 02:09:04 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.renntech.org/http://ww [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.renntech.org/
IE - HKCU\..\SearchScopes,DefaultScope = {B4C09DAF-3664-4FA8-B543-00D9C3899BD6}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS454US457
IE - HKCU\..\SearchScopes\{B4C09DAF-3664-4FA8-B543-00D9C3899BD6}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.rennlist.com"
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.7
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.7
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2011/10/15 00:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/16 07:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/10/26 22:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Mozilla\Extensions
[2013/02/14 13:21:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Mozilla\Firefox\Profiles\tz7z3f76.default\extensions
[2012/04/27 08:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2011/12/16 07:36:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/16 07:36:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Photo Explosion\4.0\ReminderApp.exe ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PSDiagnosticM] C:\Program Files (x86)\Linksys Wireless-G Print Server\PSDiagnosticM.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKCU..\RunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Application Restart #3] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\TJ ARANILLA X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\WebshotsTray.exe (The Webshots Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: PDFill PDF Editor - {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD27C404-D8C8-458A-AFE5-03FC35D5E2D5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E26A5A6E-7D5A-46C4-92F9-FB7E59E97618}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\npchrome_frame.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 11:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{44ad7c07-0e31-11e1-be22-f0def19aa532}\Shell - "" = AutoRun
O33 - MountPoints2\{44ad7c07-0e31-11e1-be22-f0def19aa532}\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O33 - MountPoints2\{5ad6fcd1-0039-11e1-9ba1-f0def19aa532}\Shell - "" = AutoRun
O33 - MountPoints2\{5ad6fcd1-0039-11e1-9ba1-f0def19aa532}\Shell\AutoRun\command - "" = D:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{9aa99117-0d53-11e1-9e4e-f0def19aa532}\Shell - "" = AutoRun
O33 - MountPoints2\{9aa99117-0d53-11e1-9e4e-f0def19aa532}\Shell\AutoRun\command - "" = D:\MotoCastSetup.exe -a
O33 - MountPoints2\{a27342ec-fe01-11e0-bb4c-f0def19aa532}\Shell - "" = AutoRun
O33 - MountPoints2\{a27342ec-fe01-11e0-bb4c-f0def19aa532}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a6c721f9-81e8-11e2-a3ad-f0def19aa532}\Shell - "" = AutoRun
O33 - MountPoints2\{a6c721f9-81e8-11e2-a3ad-f0def19aa532}\Shell\AutoRun\command - "" = F:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{d35fc346-f6ef-11e0-adfd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d35fc346-f6ef-11e0-adfd-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 16:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{e5a68141-16fc-11e2-84a1-f0def19aa532}\Shell - "" = AutoRun
O33 - MountPoints2\{e5a68141-16fc-11e2-84a1-f0def19aa532}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/04 12:25:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TJ ARANILLA X220\Desktop\OTL.exe
[2013/03/04 12:14:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/04 10:03:19 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\Desktop\virus
[2013/03/04 09:33:43 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\Desktop\RK_Quarantine
[2013/03/04 09:06:33 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\TuneUp Software
[2013/03/04 09:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/03/04 09:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/03/04 09:04:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/03/04 09:04:26 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\AppData\Local\MFAData
[2013/03/04 09:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/04 09:04:26 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\AppData\Local\Avg2013
[2013/03/01 21:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2013/03/01 21:32:00 | 000,000,000 | ---D | C] -- C:\Temp
[2013/03/01 21:32:00 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Motorola Mobility
[2013/03/01 21:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility
[2013/03/01 12:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2013/03/01 12:10:05 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Motorola
[2013/02/25 22:14:45 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\Desktop\WINDOWS-7-DRIVERS
[2013/02/21 18:30:17 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\dvdcss
[2013/02/21 06:37:01 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\Desktop\1-GB-Chip
[2013/02/15 12:30:32 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\Desktop\valentines-day
[2013/02/14 13:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2013/02/12 04:28:00 | 000,000,000 | ---D | C] -- C:\Users\TJ ARANILLA X220\AppData\Local\{BEE1BC5F-1ED2-4635-AB77-DF82CB099CB6}
[2011/10/26 21:47:08 | 000,201,728 | ---- | C] (Freebyte.com) -- C:\Program Files (x86)\hjsplit.exe
[2011/10/25 10:24:53 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files (x86)\mplayerc.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/04 12:24:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TJ ARANILLA X220\Desktop\OTL.exe
[2013/03/04 12:13:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/04 12:02:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/04 10:53:18 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/04 10:53:18 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/04 10:51:06 | 000,744,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/04 10:51:06 | 000,636,268 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/04 10:51:06 | 000,111,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/04 10:46:31 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/04 10:46:00 | 3129,397,248 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/04 07:03:18 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/03/02 00:24:38 | 000,053,125 | ---- | M] () -- C:\Users\TJ ARANILLA X220\Desktop\2013-02-12-wes-welker-4_3_rx512_c680x510.jpg
[2013/03/01 12:27:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2013/03/01 12:10:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2013/03/01 12:10:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2013/03/01 12:10:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2013/03/01 12:10:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2013/02/13 10:51:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/13 10:47:07 | 000,538,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/13 10:47:06 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
 
========== Files Created - No Company Name ==========
 
[2013/03/02 00:24:37 | 000,053,125 | ---- | C] () -- C:\Users\TJ ARANILLA X220\Desktop\2013-02-12-wes-welker-4_3_rx512_c680x510.jpg
[2013/03/01 12:27:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2013/03/01 12:10:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2013/03/01 12:10:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2013/03/01 12:10:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2013/03/01 12:10:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2013/03/01 10:34:46 | 000,002,609 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk
[2012/05/29 20:38:54 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/03/16 08:34:44 | 000,000,371 | ---- | C] () -- C:\Users\TJ ARANILLA X220\.JavaPowUpload.properties
[2011/10/31 09:06:18 | 000,764,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/24 00:41:44 | 003,932,214 | ---- | C] () -- C:\Users\TJ ARANILLA X220\AppData\Roaming\webshots.bmp
[2011/10/24 00:41:43 | 000,000,770 | ---- | C] () -- C:\Windows\webshots.ini
[2011/10/23 21:50:30 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\CopyHubDrv.exe
[2011/10/15 00:48:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/15 00:48:09 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/15 00:48:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/15 00:32:28 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/11/06 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\.spotflux
[2012/04/25 12:43:27 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Anthropics
[2012/03/04 18:09:02 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\calibre
[2012/04/17 09:44:45 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\com.image.getthepicture
[2011/12/15 11:30:55 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\com.Shutterfly.ExpressUploader
[2011/10/23 22:11:05 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\EPSON
[2012/07/22 11:49:05 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\ImgBurn
[2011/10/21 03:35:15 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Leadertech
[2011/10/25 07:34:20 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Lenovo
[2013/03/01 12:10:05 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Motorola
[2013/03/01 21:32:00 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Motorola Mobility
[2011/11/06 17:36:10 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Nova Development
[2011/10/22 03:59:51 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\PCDr
[2011/10/21 03:36:15 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\PwrMgr
[2011/10/26 22:22:03 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Smith Micro
[2012/09/21 13:07:54 | 000,000,000 | ---D | M] -- C:\Users\TJ ARANILLA X220\AppData\Roaming\Spotflux
Logged
melboy
« Reply #3 on: March 04, 2013, 12:55:49 PM »

Hi

Can you post the contents of Extras.txt?

Also attach OTL.txt. The log seems too big for the character limit.
 
Logged

javaman225
« Reply #4 on: March 04, 2013, 12:59:12 PM »

See Attached

Thanks
Logged
melboy
« Reply #5 on: March 04, 2013, 02:25:55 PM »

Hi

Ensure Adobe Flash Player is enabled by following the instructions here: http://forums.adobe.com/thread/885448

Let me know how your computer is running.


OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code:
Code:
:otl
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.7
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.7

:files
C:\Program Files (x86)\Common Files\Spigot
C:\PROGRAM FILES (X86)\YTD TOOLBAR
C:\Program Files (x86)\Application Updater

:commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please allow it to do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
Logged
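
A post-fix check for the script in the reply above, as an added example that is not part of the original thread or of OTL: it parses the script's `:otl`, `:files` and `:commands` sections as they appear in the post and reports which listed folders and Firefox add-on IDs are still present. The function names, the parsing rule (a line starting with `:` opens a section) and the sample prefs.js line are assumptions made for illustration.

```python
import os
import re

# The fix script from the post above, copied verbatim.
FIX_SCRIPT = r"""
:otl
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.7
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.7

:files
C:\Program Files (x86)\Common Files\Spigot
C:\PROGRAM FILES (X86)\YTD TOOLBAR
C:\Program Files (x86)\Application Updater

:commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
"""

# Constructed sample of a Firefox prefs.js line (not taken from the thread).
SAMPLE_PREFS = 'user_pref("extensions.enabledAddons", "ytd@mybrowserbar.com:6.7,other@example.org:1.0");'

def parse_sections(script):
    """Group non-empty lines under the ':name' header that precedes them."""
    sections, current = {}, None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def targeted_addons(sections):
    """Add-on IDs named on the 'FF - prefs.js..extensions.enabledAddons' lines."""
    pat = re.compile(r"^FF - prefs\.js\.\.extensions\.enabledAddons: (.+):[^:]+$")
    return [m.group(1) for m in map(pat.match, sections.get("otl", [])) if m]

def leftovers(sections, prefs_text, exists=os.path.exists):
    """Return (listed paths still on disk, listed add-on IDs still in prefs.js)."""
    paths = [p for p in sections.get("files", []) if exists(p)]
    addons = [a for a in targeted_addons(sections) if a in prefs_text]
    return paths, addons
```

Calling `leftovers(parse_sections(FIX_SCRIPT), prefs_text)` with the contents of the profile's prefs.js returns two lists; both empty means every item the script listed is gone.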

javaman225
« Reply #6 on: March 04, 2013, 07:04:03 PM »

Pop-up still coming on. Report attached.
Thanks.
Logged
javaman225
« Reply #7 on: March 04, 2013, 07:06:20 PM »

The adobe tutorial / help indicated that Flash player was installed and working properly. The newest appropriate version of the flash player is installed. The computer works fine, just the pop-ups...
t
Logged
melboy
« Reply #8 on: March 05, 2013, 01:56:25 PM »

Hi

I don't think this is a malware issue.


MGADiag

Download the diagnostic tool MGADiag and save it to your desktop.

  • Right click on MGADiag.exe and choose "Run as Administrator".
  • Click Yes to the UAC prompt
  • When the program opens, click Continue
  • When the tool has finished, click the Browser tab and click Copy.
  • Paste the report in your next reply.
Logged

melboy
« Reply #9 on: March 07, 2013, 06:38:26 PM »

Hi javaman225

It has been over two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • Topics can be closed after 3 days without a response. If you do not reply within that time, the topic will be closed.
Logged

melboy
« Reply #10 on: March 08, 2013, 04:28:51 PM »

Due to the lack of feedback, this Topic is now closed.

If you still require help, please start a new thread.

Any other members requiring Malware Removal assistance, Please Start HERE!

Thanks!
Logged
