TechSpot

[A] Search box and redirect malware - scans pasted

By joebuilder
Jun 28, 2012
  1. Getting the ad box in the bottom right in both IE and firefox. Also get search and click redirect.

    Steps I have taken.
    1. All windows updates installed.
    2. Kasepersky 6.0 full scan
    3. Windows defender full scan
    4. Hosts file replaced
    5. Malwarebytest scan (pasted below)
    6. GMER scan (pasted below)
    7. OTL scan (pasted Below)


    Malwarebytest
    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.28.09
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    darag :: 5-SEO-DARA [administrator]
    Protection: Enabled
    6/28/2012 11:13:35 AM
    mbam-log-2012-06-28 (11-13-35).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 310723
    Time elapsed: 17 minute(s), 30 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  2. joebuilder

    joebuilder TS Rookie Topic Starter

    OLT.txt Part 1

    OTL logfile created on: 6/28/2012 11:45:04 AM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\darag\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.98 Gb Total Physical Memory | 11.17 Gb Available Physical Memory | 69.90% Memory free
    31.96 Gb Paging File | 26.26 Gb Available in Paging File | 82.17% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.32 Gb Total Space | 129.55 Gb Free Space | 43.57% Space Free | Partition Type: NTFS
    Drive D: | 4.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 232.88 Gb Total Space | 175.37 Gb Free Space | 75.30% Space Free | Partition Type: NTFS

    Computer Name: 5-SEO-DARA | User Name: darag | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\darag\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
    PRC - C:\Users\darag\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe (ShoreTel Inc.)
    PRC - C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\CSISCMGR.exe (ShoreTel, Inc.)
    PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe (Kaspersky Lab ZAO)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
    PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Program Files (x86)\Asmico\E-catalogue\db\bin\mysqld-nt.exe ()
    PRC - C:\Program Files (x86)\Microsoft Visual FoxPro 9\vfp9.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMSkin\4aac348aee4b09626a9fb81f3d6acbc4\PCMSkin.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\EAEXCTRLLib\e5621afef2026e48c5364aa88b6a7a44\EAEXCTRLLib.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Outlook\5571b91f54b421c19a372933d52abb2f\Outlook.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\a7984be9b8698ce98ba32f599707cd98\AxInterop.SHDocVw.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\STVideo\0dfea5ec8d8b1eecfec11da21b2fe5b9\STVideo.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMLib\8c7edd60e7521bad7f7e31fdee6888e8\PCMLib.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMControls\200197edc3958341d5ebad23e9d6f664\PCMControls.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMIMLib\96bee031f3438f75a2f55f45ffce93cc\PCMIMLib.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMUtils\b84700bce9b5dab7d05e721c89eae1c2\PCMUtils.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMBasics\694b7443216733c46784096582288209\PCMBasics.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMTrace\9a2013c1bbac39448c3d9edae6f37e4f\PCMTrace.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraGrid#\1b6b2acc715ee5736628742f6e45470f\DevExpress.XtraGrid.v9.1.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraEdit#\a4ff5375e1f2f8a235d83d9c80cb4a1d\DevExpress.XtraEditors.v9.1.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraBars#\95a6609d5e2e3a43a959c379980a2963\DevExpress.XtraBars.v9.1.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\STUIControls\d446baf7a1c6284f9a081ac25270f1bc\STUIControls.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.Data.v9.1\a9a06cdf874ec7108c94c04a2ab0e8e9\DevExpress.Data.v9.1.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.Utils.v9#\4729b85a9e3b674ea5a1bbcfe721cddb\DevExpress.Utils.v9.1.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ShoreTel\0f346309a6f47af9c19ad40412116b9e\ShoreTel.ni.exe ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d46e59185b6489461bbad689b7c655ae\IAStorUtil.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\02465e1babef4bd6a6a990a8a2b50e17\IAStorCommon.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    MOD - C:\Users\darag\AppData\Local\AOL\AIM\npswf32.dll ()
    MOD - C:\Users\darag\AppData\Local\AOL\AIM\libcef.dll ()
    MOD - C:\Users\darag\AppData\Local\AOL\AIM\avcodec-53.dll ()
    MOD - C:\Users\darag\AppData\Local\AOL\AIM\avformat-53.dll ()
    MOD - C:\Users\darag\AppData\Local\AOL\AIM\avutil-51.dll ()
    MOD - C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL ()
    MOD - C:\Users\darag\AppData\Roaming\Mozilla\Firefox\Profiles\3rzloabl.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll ()
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV:64bit: - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation)
    SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
    SRV - (klnagent) -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe (Kaspersky Lab ZAO)
    SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (MySQL_EDOC) -- C:\Program Files (x86)\Asmico\E-catalogue\db\bin\mysqld-nt.exe ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
    DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
    DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
    DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
    DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\drivers\RsFx0150.sys (Microsoft Corporation)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
    DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
    DRV:64bit: - (KLFLTDEV) -- C:\Windows\SysNative\drivers\klfltdev.sys (Kaspersky Lab)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8B3497F9-9738-4D59-B836-E86A6F1376CB}
    IE:64bit: - HKLM\..\SearchScopes\{8B3497F9-9738-4D59-B836-E86A6F1376CB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {84A5C860-CEEF-4714-A3A3-420A0518B1FF}
    IE - HKLM\..\SearchScopes\{84A5C860-CEEF-4714-A3A3-420A0518B1FF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meridianautoparts.com/admin/internet_start_page.asp
    IE - HKCU\..\SearchScopes,DefaultScope = {8307E0CA-95B0-4DC2-8FD4-E23E010D4CC0}
    IE - HKCU\..\SearchScopes\{8307E0CA-95B0-4DC2-8FD4-E23E010D4CC0}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.meridianautoparts.com/admin/internet_start_page.asp"
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/27 12:03:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/18 13:23:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird2\components [2012/05/18 13:24:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird2\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/27 12:03:46 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/18 13:23:59 | 000,000,000 | ---D | M]

    [2011/04/14 12:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darag\AppData\Roaming\mozilla\Extensions
    [2011/04/14 12:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darag\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/05/02 09:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darag\AppData\Roaming\mozilla\Firefox\Profiles\3rzloabl.default\extensions
    [2011/08/09 11:07:46 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Users\darag\AppData\Roaming\mozilla\Firefox\Profiles\3rzloabl.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
    [2012/02/02 10:17:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/27 12:03:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/27 12:03:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/27 12:03:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\darag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\darag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\darag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/02/01 13:11:03 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 109.163.226.208 www.google-analytics.com.
    O1 - Hosts: 109.163.226.208 ad-emea.doubleclick.net.
    O1 - Hosts: 109.163.226.208 www.statcounter.com.
    O1 - Hosts: 67.215.245.19 www.google-analytics.com.
    O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
    O1 - Hosts: 67.215.245.19 www.statcounter.com.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKCU..\Run: [AIM for Windows] C:\Users\darag\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [ShoreTel Personal Call Manager] C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe (ShoreTel Inc.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
    O4 - HKCU..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableBkGndGroupPolicy = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 1
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
    O9:64bit: - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\scieplgn.dll (Kaspersky Lab)
    O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} http://192.168.1.50/ShoreWareResources/ClientInstall/ShoretelClientInstall.ocx (Shoretel SClientInstall)
    O16 - DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} http://192.168.1.50/shorewaredirector/VoiceMessage.ocx (VoiceMessage Control)
    O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 192.168.1.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = meridian.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C9455D-529A-4365-8D39-6B4E07028415}: DhcpNameServer = 192.168.1.2 192.168.1.22
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\adialhk.dll (Kaspersky Lab ZAO)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll (Kaspersky Lab ZAO)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/15 02:52:18 | 000,000,080 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/28 11:43:47 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\darag\Desktop\OTL.exe
    [2012/06/28 11:12:14 | 000,000,000 | ---D | C] -- C:\Users\darag\AppData\Roaming\Malwarebytes
    [2012/06/28 11:12:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/28 11:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/28 11:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/28 11:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/28 09:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2012/06/28 09:45:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2012/06/28 09:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
    [2012/06/28 09:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
    [2012/06/28 09:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
    [2012/06/28 09:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
    [2012/06/28 08:57:49 | 000,000,000 | ---D | C] -- C:\Users\darag\AppData\Roaming\Yahoo!
    [2012/06/27 13:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
    [2012/06/27 13:42:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012/06/27 13:41:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2012/06/27 13:37:08 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
    [2012/06/27 13:36:55 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
    [2012/06/27 12:04:07 | 000,000,000 | ---D | C] -- C:\Users\darag\AppData\Local\Macromedia
    [2012/06/16 17:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\GroupPolicy
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/28 11:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/28 11:43:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\darag\Desktop\OTL.exe
    [2012/06/28 11:42:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/28 11:20:59 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-443826872-567759323-2654381859-500UA.job
    [2012/06/28 10:55:54 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/28 10:55:22 | 000,001,506 | RHS- | M] () -- C:\Users\darag\ntuser.pol
    [2012/06/28 10:36:10 | 000,002,038 | -H-- | M] () -- C:\Users\darag\Documents\Default.rdp
    [2012/06/28 10:23:23 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/28 10:23:23 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/28 10:14:53 | 000,874,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/28 10:14:53 | 000,729,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/28 10:14:53 | 000,146,844 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/28 10:07:45 | 000,015,540 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/06/28 10:07:22 | 000,344,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/28 10:06:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/28 10:06:23 | 4281,167,870 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/28 09:45:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
    [2012/06/28 08:20:59 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-443826872-567759323-2654381859-500Core.job
    [2012/06/27 12:56:33 | 000,001,133 | ---- | M] () -- C:\Users\darag\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2012/06/27 12:11:49 | 000,870,652 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/16 17:14:19 | 000,001,878 | ---- | M] () -- C:\Users\darag\Application Data\Microsoft\Internet Explorer\Quick Launch\MeridianAccess.lnk
    [2012/06/16 17:14:19 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\MeridianAccess.lnk
    [2012/06/16 17:14:19 | 000,000,155 | ---- | M] () -- C:\Users\Public\Desktop\Meridian Home Page.url
    [2012/06/16 17:14:19 | 000,000,121 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.url
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/28 09:45:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
    [2012/06/27 13:38:33 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2012/06/27 13:36:45 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
    [2012/06/27 13:36:40 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
    [2012/06/27 13:36:40 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
    [2012/06/27 13:36:22 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
    [2012/06/27 13:36:22 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
    [2012/06/16 17:14:19 | 000,001,878 | ---- | C] () -- C:\Users\darag\Application Data\Microsoft\Internet Explorer\Quick Launch\MeridianAccess.lnk
    [2012/06/16 17:14:19 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\MeridianAccess.lnk
    [2012/06/16 17:14:19 | 000,000,155 | ---- | C] () -- C:\Users\Public\Desktop\Meridian Home Page.url
    [2012/06/16 17:14:19 | 000,000,121 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.url
    [2011/10/10 16:23:41 | 000,113,664 | ---- | C] () -- C:\Windows\see32.dll
    [2011/09/16 16:43:34 | 000,028,398 | ---- | C] () -- C:\Users\darag\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/08/29 09:04:52 | 000,001,506 | RHS- | C] () -- C:\Users\darag\ntuser.pol
    [2011/05/20 13:37:32 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\img2pdf.ini
    [2011/04/14 17:24:06 | 000,870,652 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/05 08:15:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/04/04 16:16:47 | 000,015,540 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/03/11 06:22:32 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/03/11 06:22:31 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/03/11 06:22:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
     
  3. joebuilder

    joebuilder TS Rookie Topic Starter

    OTL.txt part 2


    ========== LOP Check ==========

    [2011/04/14 13:12:15 | 000,000,000 | ---D | M] -- C:\Users\darag\AppData\Roaming\acccore
    [2011/10/05 12:10:45 | 000,000,000 | ---D | M] -- C:\Users\darag\AppData\Roaming\Aid4Mail2
    [2011/05/17 17:44:48 | 000,000,000 | ---D | M] -- C:\Users\darag\AppData\Roaming\com.amazon.music.uploader
    [2011/11/15 12:27:31 | 000,000,000 | ---D | M] -- C:\Users\darag\AppData\Roaming\FileZilla
    [2011/05/21 12:03:52 | 000,000,000 | ---D | M] -- C:\Users\darag\AppData\Roaming\Foxit Software
    [2011/04/12 09:40:03 | 000,000,000 | ---D | M] -- C:\Users\darag\AppData\Roaming\IrfanView
    [2011/04/12 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\darag\AppData\Roaming\Leadertech
    [2012/01/23 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\darag\AppData\Roaming\ShoreWare Client
    [2011/04/14 12:00:19 | 000,000,000 | ---D | M] -- C:\Users\darag\AppData\Roaming\Thunderbird
    [2009/07/13 22:08:49 | 000,023,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011/03/11 06:26:45 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2011/03/11 06:26:57 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/03/11 06:26:45 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
    [2011/03/11 06:26:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2011/03/11 06:26:57 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2011/03/11 06:26:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2011/03/11 06:26:57 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2011/03/11 06:26:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2011/03/11 06:26:57 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/03/11 06:26:45 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
    [2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2011/03/11 06:26:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [2011/03/11 06:26:45 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2011/03/11 06:26:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2011/03/11 06:26:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /mp /s >
    < End of report >
     
  4. joebuilder

    joebuilder TS Rookie Topic Starter

    OTL extras


    OTL Extras logfile created on: 6/28/2012 11:45:04 AM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\darag\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.98 Gb Total Physical Memory | 11.17 Gb Available Physical Memory | 69.90% Memory free
    31.96 Gb Paging File | 26.26 Gb Available in Paging File | 82.17% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.32 Gb Total Space | 129.55 Gb Free Space | 43.57% Space Free | Partition Type: NTFS
    Drive D: | 4.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 232.88 Gb Total Space | 175.37 Gb Free Space | 75.30% Space Free | Partition Type: NTFS

    Computer Name: 5-SEO-DARA | User Name: darag | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1
    "" =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)
    "C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" = C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe:*:Enabled:ShoreTel.ShoreTel.App -- (ShoreTel Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{12EFA64E-EA63-4731-A082-DCE265452CD0}" = lport=9156 | protocol=6 | dir=in | name=payclock export service |
    "{13CACE53-22AE-402D-830F-41889AE25948}" = lport=15000 | protocol=17 | dir=in | name=kaspersky administration kit |
    "{16704C3F-F338-447B-AEF5-3CCBCD176243}" = lport=7352 | protocol=6 | dir=out | name=pc-click terminal service |
    "{1D096035-4A39-42DA-AF77-6F4428CEAAEE}" = lport=7351 | protocol=6 | dir=out | name=payclock pc600 auto poll port |
    "{35880077-0933-4FF9-BB56-5C0094DB5B5D}" = lport=15000 | protocol=17 | dir=in | name=kaspersky administration kit |
    "{3724F4E9-9427-429A-806A-F6B1E60235CC}" = lport=9158 | protocol=6 | dir=in | name=payclock export service progress port |
    "{3A207B74-6353-46B4-B257-25AEEFE51AB2}" = lport=9157 | protocol=6 | dir=out | name=payclock export service client progress port |
    "{52001174-462A-4DE2-B636-7E6431BECD6E}" = lport=7351 | protocol=6 | dir=in | name=payclock pc600 auto poll port |
    "{53FCF832-045E-4334-A734-0DA1FCCAEA3F}" = lport=9158 | protocol=6 | dir=in | name=payclock export service progress port |
    "{556F1686-79B6-48FB-92C1-FC1B3C6D8788}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{6C0E4311-3E3D-4C94-B89A-9AF17466EFF4}" = lport=15000 | protocol=17 | dir=in | name=kaspersky administration kit |
    "{7A0AB8E4-DC19-436B-B703-0138874D7417}" = lport=9158 | protocol=6 | dir=out | name=payclock export service progress port |
    "{85E8B571-413C-4A6B-8C45-69A9F395F75E}" = lport=9156 | protocol=6 | dir=out | name=payclock export service |
    "{9389DA7C-2F38-4F33-9B5A-B616A847C7FB}" = lport=9156 | protocol=6 | dir=in | name=payclock export service |
    "{A98B469E-7676-4946-829B-38278B8B246A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AB03AE28-9C0E-4EA3-B52A-3BF212E7FE6F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{B298DC71-0D32-4148-84F9-95A28B4D0123}" = lport=7350 | protocol=6 | dir=out | name=payclock pc600 port |
    "{BAD6BB2C-3DFD-489F-BB65-38F9F936FAF7}" = lport=9157 | protocol=6 | dir=out | name=payclock export service client progress port |
    "{BD72F979-1D88-4485-B90E-1E7562B82AE7}" = lport=7350 | protocol=6 | dir=in | name=payclock pc600 port |
    "{D5847414-6183-49C3-81F9-1893051D2EF5}" = lport=9157 | protocol=6 | dir=in | name=payclock export service client progress port |
    "{D6E35AED-ABB9-49D4-80C5-B2C5FC226D47}" = lport=9156 | protocol=6 | dir=out | name=payclock export service |
    "{E04C5459-F42F-4C6B-8C31-33E3D4F19778}" = lport=9158 | protocol=6 | dir=out | name=payclock export service progress port |
    "{EBF292AC-0596-40EF-AE22-E3E98C625027}" = lport=7352 | protocol=6 | dir=in | name=pc-click terminal service |
    "{F01D085E-87DB-450B-B1EE-31AC15396C62}" = lport=9157 | protocol=6 | dir=in | name=payclock export service client progress port |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00D94F4F-AF22-416C-BF17-A9A60854D504}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{1553573E-2D11-4F62-AE4A-158C557982C0}" = dir=in | app=c:\payclockinstallcd\payclock.msi |
    "{166417C1-483C-49E3-BE71-C4D1C6632425}" = dir=in | app=c:\payclockinstallcd\payclock.msi |
    "{25856E8C-2F7A-402F-B2AC-7685AB3B0110}" = dir=in | app=c:\payclockinstallcd\payclockinstaller.exe |
    "{2816654A-2BF3-4F6E-AFB7-0148EF36AE0B}" = dir=in | app=c:\payclockinstallcd\payclockinstaller.exe |
    "{384824FC-C9BC-4E76-95BB-071968781017}" = dir=out | app=c:\payclockinstallcd\payclock.msi |
    "{38E9FB00-6AA7-466F-B812-CB930E5EB404}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{40122182-0115-4520-AD80-305FF421FC4A}" = dir=out | app=c:\payclockinstallcd\payclock.msi |
    "{42F67DE7-AAC1-4C4B-A5BE-0FC4550B3921}" = dir=in | app=c:\payclockinstallcd\payclock.msi |
    "{43602042-5072-4480-9802-2CD9D11596F1}" = dir=out | app=c:\program files\lathem time corporation\payclock\lathem.usbtm.service.exe |
    "{45FB0693-CAC7-4205-91D8-643E6AD1C2F2}" = dir=in | app=c:\program files\lathem time corporation\payclock\licensemanager.exe |
    "{4636AA02-AE25-4730-9939-7B7AFCA086E7}" = dir=out | app=c:\program files\lathem time corporation\payclock\lathem.payclock.updatemanager.exe |
    "{5060A14C-D7B1-4719-94E9-0B867D9E63C8}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{58431EC3-3526-477A-B388-8EB25276CA2B}" = dir=in | app=c:\program files\lathem time corporation\payclock\lathem.usbtm.service.exe |
    "{58D0353E-02EA-4931-8132-9D2BB361FB52}" = dir=in | app=c:\program files\lathem time corporation\payclock\lathem.pc600.service.exe |
    "{59881718-0353-4F25-9B5F-8C4A298A9D2D}" = dir=out | app=c:\payclockinstallcd\payclockinstaller.exe |
    "{61E91376-D1D4-4810-A7C6-58C19B1C4BE1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{72FCA8A4-D20D-489F-AE04-844289AFADFE}" = dir=out | app=c:\program files\lathem time corporation\payclock\payclockv6.exe |
    "{802C3187-ED10-4469-9E58-3227ACC57437}" = dir=out | app=c:\payclockinstallcd\payclockinstaller.exe |
    "{8CA924D9-E8B4-40E6-9102-DF3CBB6B7F94}" = dir=in | app=c:\payclockinstallcd\payclockinstaller.exe |
    "{8F25B3FD-A5CD-416B-BB25-0B90170522FA}" = dir=out | app=c:\payclockinstallcd\payclock.msi |
    "{912A0DBA-A3A8-4136-B0BB-E71EE2EA8322}" = dir=in | app=c:\payclockinstallcd\payclock.msi |
    "{9538309C-B012-4257-B578-05D9FE390599}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{99AF7E30-7666-4E2E-8CA8-1EA9CFCB25CD}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{9F1A5942-05FA-46AE-9B82-1C13653168B2}" = dir=out | app=c:\program files\lathem time corporation\payclock\dbsrv11.exe |
    "{A17A6E70-C7C4-4122-8BB9-0EBACED0EB89}" = dir=out | app=c:\payclockinstallcd\payclockinstaller.exe |
    "{A22CED90-1F4B-4EDF-9F17-057B17FAEC45}" = dir=in | app=c:\program files\lathem time corporation\payclock\registrationwizard.exe |
    "{AD028CB3-6771-42D7-AB86-0AA17E558669}" = dir=out | app=c:\program files\lathem time corporation\payclock\registrationwizard.exe |
    "{ADF28E1C-BD83-4B7A-9A75-DFC38A97D95D}" = dir=out | app=c:\program files\lathem time corporation\payclock\lathem.pc600.service.exe |
    "{B1C77C99-4800-472C-A4C3-93635E503581}" = dir=in | app=c:\program files\lathem time corporation\payclock\lathem.payclock.updatemanager.exe |
    "{B90BAF38-7DFC-4C3A-9264-83D9CEC63F1A}" = dir=out | app=c:\program files\lathem time corporation\payclock\licensemanager.exe |
    "{BD7C4FCA-9E09-426F-8775-9DD10824A7FB}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{C211D899-410E-4E23-B5E3-3ECB2996D931}" = dir=in | app=c:\program files\lathem time corporation\payclock\dbsrv11.exe |
    "{C7463E75-33AB-4A3C-BE88-52B6C492EC8B}" = dir=in | app=c:\program files\lathem time corporation\payclock\payclockv6.exe |
    "{D1E33F31-A477-4A8C-9396-E97C0D6CF7EF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{DB05DE5F-EDD3-44DF-A532-62080F485A06}" = dir=in | app=c:\payclockinstallcd\payclockinstaller.exe |
    "{E118E854-3806-4E9A-9814-DFEE81E52A5D}" = dir=out | app=c:\payclockinstallcd\payclockinstaller.exe |
    "{E3018676-1BAB-4327-9DC5-9AAFBE18594A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{E7FB862F-88BD-4C38-AD54-B2CF044A206B}" = dir=out | app=c:\payclockinstallcd\payclock.msi |
    "{F9CD4B97-8153-4830-8603-103B1C54C268}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
    "{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
    "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
    "{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{6B7DB70F-7F73-46B9-AE73-CE87EEF9428D}" = PayClock
    "{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
    "{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{F10ADDB9-839B-448B-BD2E-3BCB5C1E4B55}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "sp6" = Logitech SetPoint 6.30

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21E7A706-31FF-46AA-A294-FA4A8917B59F}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update
    "{22025051-1991-48EB-8BE8-7A3329DAE7ED}" = IIS 7.5 Express
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
    "{358A2F50-8885-4EDE-BBB0-130A5834E0B4}" = Visual FoxPro 9.0 Baseline - English
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3CFFC382-6C23-42CB-8B1E-625F9F84E362}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{786A9F7E-CFEC-451F-B3C4-22EB11550FD8}" = Kaspersky Lab Network Agent
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A0F591C-6ACB-225D-7CEE-4C5F9BEFEB7D}" = Amazon MP3 Uploader
    "{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}" = Visual FoxPro 9.0 Professional - English
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D25C502E-FF51-424C-8C38-8596FE47D0CD}" = Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
    "{E052747B-E970-4643-B58D-D6F7FD4AD362}" = ShoreTel Communicator
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "7-Zip" = 7-Zip 9.21beta
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AIM_7" = AIM 7
    "BOSCH eCat Advantage_is1" = BOSCH eCat Advantage with MultiView Reader
    "com.amazon.music.uploader" = Amazon MP3 Uploader
    "E-catalogue 201101" = E-catalogue 201101
    "FileZilla Client" = FileZilla Client 3.5.2
    "Foxit Reader" = Foxit Reader
    "Google Chrome" = Google Chrome
    "InstallShield_{786A9F7E-CFEC-451F-B3C4-22EB11550FD8}" = Kaspersky Lab Network Agent
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
    "Visual FoxPro 9.0 Professional - English" = Microsoft Visual FoxPro 9.0 Professional - English
    "webmmf" = WebM Media Foundation Components
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WORLDPAC speedDIAL_is1" = WORLDPAC speedDIAL
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "Zebra Font Downloader_is1" = Zebra Font Downloader

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AIM" = AIM for Windows

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/27/2012 3:57:15 PM | Computer Name = 5-seo-dara.meridian.local | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "C:\Program Files (x86)\Windows
    Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
    Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 6/27/2012 4:41:56 PM | Computer Name = 5-seo-dara.meridian.local | Source = VSS | ID = 12305
    Description =

    Error - 6/27/2012 7:14:13 PM | Computer Name = 5-seo-dara.meridian.local | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "C:\Program Files (x86)\Windows
    Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
    Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 6/27/2012 9:39:12 PM | Computer Name = 5-seo-dara.meridian.local | Source = UPHClean | ID = 1
    Description =

    Error - 6/27/2012 9:39:12 PM | Computer Name = 5-seo-dara.meridian.local | Source = MsiInstaller | ID = 11722
    Description =

    Error - 6/27/2012 10:02:06 PM | Computer Name = 5-seo-dara.meridian.local | Source = UPHClean | ID = 1
    Description =

    Error - 6/27/2012 10:02:06 PM | Computer Name = 5-seo-dara.meridian.local | Source = MsiInstaller | ID = 11722
    Description =

    Error - 6/27/2012 10:46:06 PM | Computer Name = 5-seo-dara.meridian.local | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 3:30:27 AM | Computer Name = 5-seo-dara.meridian.local | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 7:13:45 AM | Computer Name = 5-seo-dara.meridian.local | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    [ Kaspersky Event Log Events ]
    Error - 3/19/2012 2:25:23 PM | Computer Name = 5-seo-dara.meridian.local | Source = klnagent | ID = 1
    Description = Connector for product 'Kaspersky Anti-Virus 6.0 for Windows Workstations'
    hung !!!

    [ System Events ]
    Error - 4/26/2011 12:34:17 PM | Computer Name = 5-seo-dara.meridian.local | Source = Application Management Group Policy | ID = 102
    Description = The install of application User Profile Hive Cleanup Service from
    policy UPHClean Install failed. The error was : %1603

    Error - 4/26/2011 12:34:17 PM | Computer Name = 5-seo-dara.meridian.local | Source = Application Management Group Policy | ID = 108
    Description = Failed to apply changes to software installation settings. Software
    changes could not be applied. A previous log entry with details should exist.
    The error was : %1603

    Error - 4/28/2011 11:20:59 AM | Computer Name = 5-seo-dara.meridian.local | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 5/1/2011 2:22:57 PM | Computer Name = 5-seo-dara.meridian.local | Source = Application Management Group Policy | ID = 102
    Description = The install of application User Profile Hive Cleanup Service from
    policy UPHClean Install failed. The error was : %1603

    Error - 5/1/2011 2:22:57 PM | Computer Name = 5-seo-dara.meridian.local | Source = Application Management Group Policy | ID = 108
    Description = Failed to apply changes to software installation settings. Software
    changes could not be applied. A previous log entry with details should exist.
    The error was : %1603

    Error - 5/3/2011 12:48:51 PM | Computer Name = 5-seo-dara.meridian.local | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 5/4/2011 11:51:01 AM | Computer Name = 5-seo-dara.meridian.local | Source = Application Management Group Policy | ID = 102
    Description = The install of application User Profile Hive Cleanup Service from
    policy UPHClean Install failed. The error was : %1603

    Error - 5/4/2011 11:51:01 AM | Computer Name = 5-seo-dara.meridian.local | Source = Application Management Group Policy | ID = 108
    Description = Failed to apply changes to software installation settings. Software
    changes could not be applied. A previous log entry with details should exist.
    The error was : %1603

    Error - 5/5/2011 12:21:34 PM | Computer Name = 5-seo-dara.meridian.local | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR2.

    Error - 5/5/2011 12:21:38 PM | Computer Name = 5-seo-dara.meridian.local | Source = NETLOGON | ID = 5719
    Description = This computer was not able to set up a secure session with a domain
    controller
    in domain MERIDIAN due to the following: %%1311 This may lead to authentication
    problems. Make sure that this computer is connected to the network. If the problem
    persists, please contact your domain administrator. ADDITIONAL INFO If this computer
    is a domain controller for the specified domain, it sets up the secure session to
    the primary domain controller emulator in the specified domain. Otherwise, this
    computer sets up the secure session to any domain controller in the specified domain.


    < End of report >
     
  5. joebuilder

    joebuilder TS Rookie Topic Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-28 12:32:29
    Windows 6.1.7601 Service Pack 1
    Running: lu9tc8rv.exe

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime ?Thu?, ?Jun ?28 ?12, 10:08:41 AM???????????????????????????????
    ---- Files - GMER 1.0.15 ----
    File C:\Users\darag\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DD0W5V9U\virus-and-malware-removal[1].htm 0 bytes
    File C:\Users\darag\AppData\Local\Temp\flaFD47.tmp 0 bytes
    ---- EOF - GMER 1.0.15 ----
     
  6. joebuilder

    joebuilder TS Rookie Topic Starter

    I think thats all I got. Please help
     
  7. joebuilder

    joebuilder TS Rookie Topic Starter

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by darag at 15:20:25 on 2012-06-28
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16366.11212 [GMT -7:00]
    .
    AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Anti-Virus *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe
    C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Asmico\E-catalogue\db\bin\mysqld-nt.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe
    C:\Users\darag\AppData\Local\AOL\AIM\aim.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\CSISCMGR.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Microsoft Visual FoxPro 9\vfp9.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\sysWow64\SearchProtocolHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Microsoft Visual FoxPro 9\vfp9.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = hxxp://www.meridianautoparts.com/admin/internet_start_page.asp
    mWinlogon: Userinit=userinit.exe
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [ShoreTel Personal Call Manager] C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe
    uRun: [AIM for Windows] "C:\Users\darag\AppData\Local\AOL\AIM\aim.exe"
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
    uRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
    uPolicies-explorer: DisableCurrentUserRunOnce = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    mPolicies-system: DisableBkGndGroupPolicy = 1 (0x1)
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
    IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} - hxxp://192.168.1.50/ShoreWareResources/ClientInstall/ShoretelClientInstall.ocx
    DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} - hxxp://192.168.1.50/shorewaredirector/VoiceMessage.ocx
    DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.2 192.168.1.22
    TCP: Interfaces\{41C9455D-529A-4365-8D39-6B4E07028415} : DhcpNameServer = 192.168.1.2 192.168.1.22
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll
    Hosts: 109.163.226.208 www.google-analytics.com.
    Hosts: 109.163.226.208 ad-emea.doubleclick.net.
    Hosts: 109.163.226.208 www.statcounter.com.
    Hosts: 67.215.245.19 www.google-analytics.com.
    Hosts: 67.215.245.19 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\darag\AppData\Roaming\Mozilla\Firefox\Profiles\3rzloabl.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.meridianautoparts.com/admin/internet_start_page.asp
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-11 98208]
    R2 AVP;Kaspersky Anti-Virus 6.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2010-3-12 311680]
    R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-11 13336]
    R2 klnagent;Kaspersky Lab Network Agent;C:\Program Files (x86)\Kaspersky Lab\NetworkAgent 8\klnagent.exe [2010-10-20 141688]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-28 654408]
    R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
    R2 MySQL_EDOC;MySQL_EDOC;C:\Program Files (x86)\Asmico\E-catalogue\db\bin\mysqld-nt.exe [2008-1-31 5730304]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys --> C:\Windows\system32\DRIVERS\klfltdev.sys [?]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-13 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-13 136176]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
    S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
    .
    =============== Created Last 30 ================
    .
    2012-06-28 18:12:14 -------- d-----w- C:\Users\darag\AppData\Roaming\Malwarebytes
    2012-06-28 18:12:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-28 18:12:08 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-28 18:12:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-28 17:25:06 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB00D8E6-02A5-4ECA-8AD0-A183445BC888}\offreg.dll
    2012-06-28 16:45:21 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-06-28 16:45:21 -------- d-----w- C:\Windows\System32\Wat
    2012-06-28 16:44:58 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
    2012-06-28 16:40:04 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
    2012-06-28 16:37:33 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-06-28 16:37:33 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-06-28 16:37:33 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-06-28 16:03:48 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-28 16:03:48 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-27 20:42:06 -------- d-----w- C:\Windows\System32\SPReview
    2012-06-27 20:41:26 -------- d-----w- C:\Windows\System32\EventProviders
    2012-06-27 20:37:47 1158656 ----a-w- C:\Windows\System32\webservices.dll
    2012-06-27 20:36:59 413696 ----a-w- C:\Windows\SysWow64\PhotoScreensaver.scr
    2012-06-27 20:35:21 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2012-06-27 20:08:00 2565632 ----a-w- C:\Windows\System32\esent.dll
    2012-06-27 20:08:00 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
    2012-06-27 20:08:00 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-06-27 19:19:37 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB00D8E6-02A5-4ECA-8AD0-A183445BC888}\mpengine.dll
    2012-06-27 19:04:07 -------- d-----w- C:\Users\darag\AppData\Local\Macromedia
    2012-06-27 19:03:45 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-27 19:03:45 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-27 18:26:52 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-06-27 18:26:52 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-06-27 18:26:52 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-06-27 18:26:52 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-06-27 18:26:52 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-06-27 18:26:52 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-06-27 18:26:52 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-06-27 18:07:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-06-27 18:07:07 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-06-27 18:07:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-06-27 18:07:07 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-06-27 18:07:07 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-06-27 18:07:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-06-27 18:05:52 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-27 18:04:46 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-27 18:03:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-06-27 18:02:08 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2012-06-27 18:02:08 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2012-06-27 18:01:33 642944 ----a-w- C:\Windows\System32\winload.efi
    2012-06-27 18:01:33 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2012-06-27 18:01:33 605552 ----a-w- C:\Windows\System32\winload.exe
    2012-06-27 18:01:33 566208 ----a-w- C:\Windows\System32\winresume.efi
    2012-06-27 18:01:33 518672 ----a-w- C:\Windows\System32\winresume.exe
    2012-06-27 18:01:33 20352 ----a-w- C:\Windows\System32\kdusb.dll
    2012-06-27 18:01:33 19328 ----a-w- C:\Windows\System32\kd1394.dll
    2012-06-27 18:01:33 17792 ----a-w- C:\Windows\System32\kdcom.dll
    2012-06-27 18:00:25 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-06-27 18:00:25 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-06-27 18:00:25 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-06-27 17:57:35 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-06-27 17:57:35 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-06-27 17:36:53 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-27 17:36:43 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-27 17:36:24 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-27 17:36:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-17 00:14:19 -------- d-----w- C:\ProgramData\GroupPolicy
    .
    ==================== Find3M ====================
    .
    2012-06-28 01:28:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-06-28 01:28:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-06-25 15:57:50 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-25 15:57:50 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    .
    ============= FINISH: 15:21:01.43 ===============
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================

    Attach.txt part of DDS is missing so provide that.

    ==================================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Click on SCAN.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===============================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  9. joebuilder

    joebuilder TS Rookie Topic Starter

    Rogue Killer

    RogueKiller V7.6.1 [06/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: darag [Admin rights]
    Mode: Scan -- Date: 06/29/2012 10:30:02
    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] aim.exe -- C:\Users\darag\AppData\Local\AOL\AIM\aim.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries: 7 ¤¤¤
    [SUSP PATH] HKCU\[...]\Run : AIM for Windows ("C:\Users\darag\AppData\Local\AOL\AIM\aim.exe") -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-443826872-567759323-2654381859-1141[...]\Run : AIM for Windows ("C:\Users\darag\AppData\Local\AOL\AIM\aim.exe") -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    ::1 localhost
    109.163.226.208 www.google-analytics.com.
    109.163.226.208 ad-emea.doubleclick.net.
    109.163.226.208 www.statcounter.com.
    67.215.245.19 www.google-analytics.com.
    67.215.245.19 ad-emea.doubleclick.net.
    67.215.245.19 www.statcounter.com.

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST3320418AS +++++
    --- User ---
    [MBR] cfd9bd058f23781dde2a5cba76655aef
    [BSP] 07b0bbe215be2fecc885196b1f298bd9 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 750 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1617920 | Size: 304454 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Seagate Portable USB Device +++++
    --- User ---
    [MBR] ac09da16c42a190f9638f7324d11c339
    [BSP] 768c19d47c6e3413e5a68b442ef3c2a3 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  10. joebuilder

    joebuilder TS Rookie Topic Starter

    so roguekiller found a bad hosts file. I had it 'fix' the hosts file. I'll watch today and see if that fixes it.

    I have windows 7 and cleaned this hosts file

    C:\Windows\System32\drivers\etc

    Is there another one? Or in another location?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please observe my rules:
    I still need aswMBR log.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...