TechSpot

GoogleDoubleClick infection and IE outgoing connect attempts

Solved
By Allan Yates
Aug 1, 2012
  1. Links from Google searches are being intermittently redirected to undesirable websites and sometimes to googledoubleclicks. Also, Malwarebytes is reporting IE attempting outbound connections to certain IP addresses.

    2012/07/31 23:46:56 -0400 PUGET-87649 Allan IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 7913, Process: iexplore.exe)
    2012/07/31 23:46:56 -0400 PUGET-87649 Allan IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 7914, Process: iexplore.exe)

    Windows 7, running Microsoft Security Essentials.

    Malwarebytes Scan Log
    ==================
    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.01.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Allan :: PUGET-87649 [administrator]
    Protection: Enabled
    7/31/2012 10:16:27 PM
    mbam-log-2012-07-31 (22-16-27).txt
    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 574434
    Time elapsed: 37 minute(s), 3 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    GMER Log
    =========
    <None produced>

    DDS Log
    =======
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Allan at 23:57:00 on 2012-07-31
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16362.11670 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\DHCP Server\dhcpsrv.exe
    C:\Program Files\DirectUpdate v4\DUEngine.exe
    C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe
    C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe
    C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpsec.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DirectUpdate v4\DUControl.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
    C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
    C:\Program Files (x86)\Druide\Antidote 7\Programmes64\AgentAntidote64.exe
    C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    C:\Program Files (x86)\Brultech\ECM-1240 EngineG\EngineG.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [DUControl] "C:\Program Files\DirectUpdate v4\DUControl.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [agentantidote.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession
    mRun: [agentantidote64.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" /LancementSession
    mRun: [NcpBudgetGui] "C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" -start
    mRun: [NcpPopup] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
    mRun: [NcpMonitor] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpmon.exe" autorun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Allan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DEALFI~1.LNK - C:\Program Files (x86)\AA\DealFinder\DealFinder\DealFinder.exe
    StartupFolder: C:\Users\Allan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ECMENG~1.LNK - C:\Program Files (x86)\Brultech\ECM-1240 EngineG\EngineG.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} - hxxp://www.myplaydownload.com/HipDigitalDownloadManager.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://lcs.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
    TCP: Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649} : NameServer = 209.226.175.236,66.158.128.37,198.235.216.130
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [agentantidote.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession
    mRun-x64: [agentantidote64.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" /LancementSession
    mRun-x64: [NcpBudgetGui] "C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" -start
    mRun-x64: [NcpPopup] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
    mRun-x64: [NcpMonitor] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpmon.exe" autorun
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\qi8mf2qa.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
    FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\Users\Allan\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-5-20 20549]
    R2 DHCPServer;DHCP Server;C:\Program Files (x86)\DHCP Server\dhcpsrv.exe [2011-8-14 102400]
    R2 DirectUpdate;DirectUpdate engine;C:\Program Files\DirectUpdate v4\DUEngine.exe [2011-8-3 324336]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-27 13592]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-31 655944]
    R2 ncpclcfg;ncpclcfg;C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe [2012-3-26 86016]
    R2 ncprwsnt;ncprwsnt;C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe [2012-3-26 1389576]
    R2 NcpSec;NcpSec;C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPSEC.EXE [2012-3-26 97280]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-2-9 31408]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-21 378472]
    R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-2-8 49152]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-27 2655768]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;C:\Windows\system32\DRIVERS\ncplelhp.sys --> C:\Windows\system32\DRIVERS\ncplelhp.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-4-15 1436424]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 136176]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
    S3 ncpfilt;WatchGuard Filter;C:\Windows\system32\DRIVERS\ncplelhp.sys --> C:\Windows\system32\DRIVERS\ncplelhp.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\system32\DRIVERS\tap0801.sys --> C:\Windows\system32\DRIVERS\tap0801.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-01 03:56:45 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03C8C74C-C178-4140-A58D-BE8A80F4C278}\mpengine.dll
    2012-08-01 02:11:43 -------- d-----w- C:\Users\Allan\AppData\Roaming\Malwarebytes
    2012-08-01 02:11:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-01 02:11:36 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-01 02:11:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-30 20:38:02 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-25 03:28:52 -------- d-----w- C:\Users\Allan\AppData\Local\{D79099A3-D608-11E1-8270-B8AC6F996F26}
    2012-07-25 03:28:50 466432 ----a-w- C:\Users\Allan\AppData\Roaming\msidt.dll
    2012-07-21 15:50:10 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-16 10:49:12 -------- d-----w- C:\Users\Allan\AppData\Roaming\Canon_Inc_IC
    2012-07-16 10:48:46 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
    2012-07-16 10:47:23 -------- d-----w- C:\ProgramData\Canon_Inc_IC
    2012-07-03 17:13:56 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E06F6F0-3E7C-4866-A264-704845D84282}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2012-07-27 12:52:26 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-27 12:52:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    .
    ============= FINISH: 23:57:12.73 ===============

    DDS Attach Log
    ============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/27/2011 8:57:28 AM
    System Uptime: 7/31/2012 5:54:13 PM (6 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | P8H67-M EVO
    Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 27.193 GiB free.
    D: is FIXED (NTFS) - 1863 GiB total, 1317.952 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 1863 GiB total, 688.958 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: TAP-Win32 Adapter V8
    Device ID: ROOT\NET\0000
    Manufacturer: TAP-Win32 Provider
    Name: TAP-Win32 Adapter V8
    PNP Device ID: ROOT\NET\0000
    Service: tap0801
    .
    ==== System Restore Points ===================
    .
    RP415: 7/24/2012 4:38:15 PM - Windows Update
    RP416: 7/25/2012 4:00:04 AM - Windows Backup
    RP417: 7/26/2012 4:00:05 AM - Windows Backup
    RP418: 7/27/2012 4:00:04 AM - Windows Backup
    RP419: 7/28/2012 4:00:05 AM - Windows Backup
    RP420: 7/28/2012 4:37:55 PM - Windows Update
    RP421: 7/29/2012 4:00:05 AM - Windows Backup
    RP422: 7/30/2012 4:00:04 AM - Windows Backup
    RP423: 7/31/2012 4:00:05 AM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0.1
    Adobe Photoshop Elements 2.0
    Adobe Reader X (10.1.3)
    Adobe SVG Viewer 3.0
    Adobe Widget Browser
    Antidote HD
    Apache HTTP Server 2.2.19
    Apex TIFF to PDF Converter 2.3.8.2
    Apple Application Support
    Apple Software Update
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Autodesk Design Review 2011
    Autodesk Material Library 2011
    Autodesk Material Library 2011 Base Image library
    Autodesk Material Library 2011 Medium Image library
    AWStats
    BlackBerry Desktop Software 7.0
    Brother MFL-Pro Suite MFC-290C
    Camtasia Studio 7
    Canon DIGITAL CAMERA Solution Disk Software Guide
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Personal Printing Guide
    Canon PowerShot SX210 IS Camera User Guide
    Canon PowerShot SX260 HS and SX240 HS Camera User Guide
    Canon Utilities CameraWindow DC 8
    Canon Utilities ImageBrowser EX
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Crestron Database
    Crestron Device Database
    Crestron Toolbox v1.15
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DesignPro 5.4 Limited Edition
    Easy HTML Autorun Builder
    Easy Thumbnails (Remove only)
    ECM-1240 EngineG
    FotoFusion v5
    Free WMA to MP3 Converter 1.16
    Front Panel Designer
    FrostWire 5.2.9
    GnuWin32: Wget-1.11.4-1
    Google Earth
    Google Update Helper
    GoToMeeting 4.8.0.723
    gPhotoShow Pro v5.2.1
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    ImageMagick 6.7.6-4 Q16 (2012-04-01)
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel® Solid-State Drive Toolbox
    jAlbum
    Java Auto Updater
    Java(TM) 6 Update 31
    Logitech Media Server 7.7.0
    Malwarebytes Anti-Malware version 1.62.0.1300
    marvell 61xx
    MediaInfo 0.7.51 (32-bit)
    Microsoft .NET Framework 1.1
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Business 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    mp3splt
    mp3splt-gtk
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MWSnap 3
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    OpenVPN 2.0.9-gui-1.0.3
    Pazera Free MP4 to AVI Converter 1.6
    Photodex Presenter
    PHP 5.2.17
    PL-2303 USB-to-Serial
    ProShow Gold
    ProShow Producer
    PStill PostScript to PDF Converter (remove only)
    QLink
    QLink 4.82
    QuickTime
    ReadMyHeart Software
    RealDownloader
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    SaveVid Plug-in
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    SIMPL Windows v2.11
    SIMPL+ Cross Compiler
    TextPad 5
    TurboTax 2011
    UltiDev Cassini Web Server Explorer
    UltiDev Cassini Web Server for ASP.NET 2.0
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VisionTools Pro-e v4.0
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
    WatchGuard Mobile VPN
    WebEx
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/31/2012 9:28:47 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
    7/31/2012 9:28:47 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.
    7/31/2012 9:28:47 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
    7/31/2012 9:28:46 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Nitro Reader Driver 2 required for printer Nitro PDF Creator 2 (Reader) is unknown. Contact the administrator to install the driver before you log in again.
    7/31/2012 9:28:41 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Document Writer is unknown. Contact the administrator to install the driver before you log in again.
    7/31/2012 9:28:40 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.
    7/31/2012 9:28:39 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver RICOH Aficio MP 2851 PCL 5e required for printer !!ottas14a!RICOH 2851 PCL 5e is unknown. Contact the administrator to install the driver before you log in again.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    Same computer as here: http://www.techspot.com/community/topics/win-7-siref-y-infection.181941/ ?

    ======================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. Allan Yates

    Allan Yates TS Rookie Topic Starter Posts: 16

    No, that previous thread was from my wife's laptop, used also by the kids. This PC is my main home desktop. I am very careful with it, and I think it only got infected in the last day or so. I don't download random programs, don't do P2P, etc. I'm at a loss as to how it got infected with MSE active at all times. Even the kids haven't been at home for a couple of weeks :)

    Rogue Killer Report
    ===============
    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Allan [Admin rights]
    Mode: Scan -- Date: 08/01/2012 00:13:24
    ¤¤¤ Bad processes: 0 ¤¤¤
    ¤¤¤ Registry Entries: 8 ¤¤¤
    [BLACKLIST DLL] HKLM\[...]\Run : msidt ("C:\Windows\System32\rundll32.exe" "C:\Users\Allan\AppData\Roaming\msidt.dll",GetDesc) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649} : NameServer (209.226.175.236,66.158.128.37,198.235.216.130) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649} : NameServer (209.226.175.236,66.158.128.37,198.235.216.130) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: INTEL SSDSC2MH120A2 ATA Device +++++
    --- User ---
    [MBR] 6c0c8f50d73eaca9e0fd67ad6fb59718
    [BSP] c66af5eea8b51d0ab2563cc6c4cd275b : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: WDC WD20EARX-00PASB0 ATA Device +++++
    --- User ---
    [MBR] ddecf894b166a8094f4dc1f806817945
    [BSP] 09e0223b9e55e5a5296ad4bc78312dba : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: ST320005 42AS USB Device +++++
    --- User ---
    [MBR] 4bad91225c4899b3e2cbe9372d9eab39
    [BSP] d4bdc7276c80afcbfb42bb7be7c7be12 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    aswMBR Log
    ==========
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-01 00:13:47
    -----------------------------
    00:13:47.994 OS Version: Windows x64 6.1.7601 Service Pack 1
    00:13:47.994 Number of processors: 8 586 0x2A07
    00:13:47.994 ComputerName: PUGET-87649 UserName: Allan
    00:13:48.473 Initialize success
    00:16:14.527 AVAST engine defs: 12073102
    00:16:41.499 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    00:16:41.501 Disk 0 Vendor: INTEL_SSDSC2MH120A2 PPG4 Size: 114473MB BusType: 3
    00:16:41.502 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
    00:16:41.503 Disk 1 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
    00:16:41.505 Disk 0 MBR read successfully
    00:16:41.506 Disk 0 MBR scan
    00:16:41.508 Disk 0 Windows 7 default MBR code
    00:16:41.510 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    00:16:41.525 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    00:16:41.555 Disk 0 scanning C:\Windows\system32\drivers
    00:16:45.924 Service scanning
    00:16:56.697 Modules scanning
    00:16:56.697 Disk 0 trace - called modules:
    00:16:56.699 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    00:16:56.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d878790]
    00:16:56.699 3 CLASSPNP.SYS[fffff88001fb743f] -> nt!IofCallDriver -> [0xfffffa800d5c4580]
    00:16:56.699 5 ACPI.sys[fffff88000ee17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d5c1060]
    00:16:57.136 AVAST engine scan C:\Windows
    00:17:00.601 AVAST engine scan C:\Windows\system32
    00:18:46.161 AVAST engine scan C:\Windows\system32\drivers
    00:18:52.050 AVAST engine scan C:\Users\Allan
    00:19:23.996 Disk 0 MBR has been saved successfully to "d:\Users\Allan\Desktop\MBR.dat"
    00:19:24.045 The log file has been saved successfully to "d:\Users\Allan\Desktop\aswMBR.txt"
    00:21:30.181 AVAST engine scan C:\ProgramData
    00:23:25.199 Scan finished successfully
    00:24:37.715 Disk 0 MBR has been saved successfully to "d:\Users\Allan\Desktop\MBR.dat"
    00:24:37.851 The log file has been saved successfully to "d:\Users\Allan\Desktop\aswMBR.txt"
     
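    The RogueKiller report above carries three findings worth reading on their own: a Run-key value that starts rundll32.exe with a DLL sitting in the user's AppData\Roaming folder (user-land persistence that needs no admin rights and survives reboot), EnableLUA=0 and ConsentPromptBehaviorAdmin=0 (UAC switched off, and admin processes elevate without any prompt), and statically configured NameServer values on the interface, which should be checked against the resolvers the ISP or DHCP actually hands out. The script below is an added example written for this thread; it is not RogueKiller's code and was not posted by Broni or Allan. It parses the "Registry Entries" lines copied from the report above and rates them. EXPECTED_RESOLVERS is a placeholder assumption (documentation addresses), not a value from the page, so the DNS line is rated "review" rather than "bad"; a real user would put their ISP's resolvers there.

```python
"""
Triage helper for RogueKiller "Registry Entries" lines of the form
    [TAG] key : name (value) -> FOUND
Added example for this thread; not RogueKiller's code. SAMPLE_LINES are
copied from the report posted above. EXPECTED_RESOLVERS is an assumption.
"""
import re
from typing import Dict, List, Optional

SAMPLE_LINES = [
    r'[BLACKLIST DLL] HKLM\[...]\Run : msidt ("C:\Windows\System32\rundll32.exe" "C:\Users\Allan\AppData\Roaming\msidt.dll",GetDesc) -> FOUND',
    r'[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649} : NameServer (209.226.175.236,66.158.128.37,198.235.216.130) -> FOUND',
    r'[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND',
    r'[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND',
    r'[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND',
]

# Assumption: placeholder resolvers; replace with the ISP/DHCP-assigned ones.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

LINE_RE = re.compile(r'^\[(?P<tag>[^\]]+)\] (?P<key>.+?) : (?P<name>\S+) \((?P<value>.*)\) -> FOUND$')
QUOTED_RE = re.compile(r'"([^"]+)"')
# Directories a standard user can write to; a DLL autoloaded from here is suspect.
USER_WRITABLE_RE = re.compile(r'\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\|\\ProgramData\\|\\Temp\\', re.I)
RUNDLL32_RE = re.compile(r'(^|\\)rundll32(\.exe)?$', re.I)

# HKLM\...\Policies\System values and the setting that silences elevation.
UAC_SILENT = {
    "EnableLUA": "0",                    # 0 = UAC off entirely
    "ConsentPromptBehaviorAdmin": "0",   # 0 = elevate without prompting
    "PromptOnSecureDesktop": "0",        # 0 = prompt not isolated on the secure desktop
}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one report line into tag/key/name/value, or None if it is not a registry hit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def assess_autorun(value: str) -> Optional[str]:
    """Flag a Run-key command that is rundll32 loading a DLL from a user-writable path."""
    paths = QUOTED_RE.findall(value)
    if not paths or not RUNDLL32_RE.search(paths[0]):
        return None
    for p in paths[1:]:
        dll = p.split(",")[0]  # rundll32 argument form is "dll,EntryPoint"
        if dll.lower().endswith(".dll") and USER_WRITABLE_RE.search(dll):
            return f"rundll32 autoload of {dll} from a user-writable directory"
    return None


def assess_uac(name: str, value: str) -> Optional[str]:
    """Flag a UAC policy value that disables or silences elevation."""
    if name in UAC_SILENT and value == UAC_SILENT[name]:
        return f"{name}={value}: elevation prompt disabled"
    return None


def assess_dns(value: str, expected=EXPECTED_RESOLVERS) -> Optional[str]:
    """Flag statically configured resolvers that are not on the expected list."""
    servers = [s.strip() for s in value.split(",") if s.strip()]
    unknown = [s for s in servers if s not in expected]
    if unknown:
        return "static NameServer not on the expected list: " + ", ".join(unknown)
    return None


def triage(lines: List[str], expected=EXPECTED_RESOLVERS) -> List[Dict[str, str]]:
    """Rate every parsed line; hits that match no rule are reported as 'info'."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key_tail = rec["key"].rsplit("\\", 1)[-1].lower()
        severity, note = "info", ""
        if key_tail == "run":
            hit = assess_autorun(rec["value"])
            if hit:
                severity, note = "high", hit
        elif rec["name"] == "NameServer":
            hit = assess_dns(rec["value"], expected)
            if hit:
                severity, note = "review", hit
        elif key_tail == "system":
            hit = assess_uac(rec["name"], rec["value"])
            if hit:
                severity, note = "medium", hit
        findings.append({"tag": rec["tag"], "name": rec["name"], "severity": severity, "note": note})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['severity']:7} {f['tag']:14} {f['name']}: {f['note']}")
```

    Run against the lines from the report it rates the msidt entry "high", the two UAC values "medium", the NameServer line "review" and the Start_ShowMyGames cosmetic setting "info". The same rundll32 check applies to the HKCU Run key and to Startup-folder shortcuts, which is where ComboFix's later listing of DealFinder.lnk and others would be read with the same eye.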
  4. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Allan Yates

    Allan Yates TS Rookie Topic Starter Posts: 16

    ComboFix Log File
    ==============
    ComboFix 12-07-30.03 - Allan 08/01/2012 0:53.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16362.14162 [GMT -4:00]
    Running from: d:\users\Allan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\4461f48e31bde5c56b31b973b773de09\List.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\93e7e3d6030f426844228042348210cf\Service.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\bd5179a413bc0c4b82eedc22c6cab101\re.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\e56c61f7248672819579325af3387035\POSIX.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\eb138ef0e4282611dbf485a302784646\LibYAML.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\f233f63b6654362865c7577442edb9e3\Win32.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\perl514.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\17d0b152e63e6bfe81b4b19588538896\mro.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\3b7106dd14676048b10bbb09a990f74c\XS.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\4461f48e31bde5c56b31b973b773de09\List.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\44727051c604ef6b79894b64d4c63832\Expat.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\7f177c338672436e01c4f0bdbcf94491\EV.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\7f2598c08178217a0e2c754f3d568f28\Byte.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\951e8057c3fe65524966ea64dff289ac\Scan.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\b6bd87c968599725b8ab2e5c25d3046a\API.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\b979ace6da01e63d651cce9ee2474fdc\Name.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\bc147d83c7c868eeee67082dcf55430c\File.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\bd5179a413bc0c4b82eedc22c6cab101\re.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\c344fd5536724b2af2e6453833b60203\SHA1.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\c668a322917d32a5ea22894518aa9897\Base64.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\d0bf009923f29116535c26d228271d6d\Scan.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\e56c61f7248672819579325af3387035\POSIX.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\eb138ef0e4282611dbf485a302784646\LibYAML.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\f233f63b6654362865c7577442edb9e3\Win32.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
    c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\perl514.dll
    c:\users\Allan\AppData\Roaming\msidt.dll
    c:\users\Allan\g2mdlhlpx.exe
    c:\windows\SysWow64\tmp81BC.tmp
    c:\windows\SysWow64\tmp81BD.tmp
    d:\users\Allan\Documents\~WRL0204.tmp
    d:\users\Allan\Documents\~WRL0478.tmp
    d:\users\Allan\Documents\~WRL2372.tmp
    d:\users\Allan\Documents\~WRL2375.tmp
    d:\users\Allan\Documents\~WRL2383.tmp
    d:\users\Allan\Documents\~WRL3279.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-01 03:56 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03C8C74C-C178-4140-A58D-BE8A80F4C278}\mpengine.dll
    2012-08-01 02:11 . 2012-08-01 02:11 -------- d-----w- c:\users\Allan\AppData\Roaming\Malwarebytes
    2012-08-01 02:11 . 2012-08-01 02:11 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-30 20:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-27 04:12 . 2012-07-27 04:12 -------- d-----w- c:\programdata\McAfee
    2012-07-25 03:28 . 2012-07-25 03:28 -------- d-----w- c:\users\Allan\AppData\Local\{D79099A3-D608-11E1-8270-B8AC6F996F26}
    2012-07-21 15:50 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-16 10:49 . 2012-07-16 10:49 -------- d-----w- c:\users\Allan\AppData\Roaming\Canon_Inc_IC
    2012-07-16 10:48 . 2012-07-16 10:48 -------- d-----w- c:\program files (x86)\Common Files\Canon_Inc_IC
    2012-07-16 10:47 . 2012-07-16 10:47 -------- d-----w- c:\users\Allan\AppData\Roaming\canon
    2012-07-16 10:47 . 2012-07-16 10:47 -------- d-----w- c:\programdata\Canon_Inc_IC
    2012-07-03 17:13 . 2012-02-10 22:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E06F6F0-3E7C-4866-A264-704845D84282}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 12:52 . 2012-04-06 13:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 12:52 . 2011-08-03 23:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-21 15:48 . 2011-07-27 22:43 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-19 05:21 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 05:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 05:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 05:21 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 05:21 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 05:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 05:21 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-19 05:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-19 05:21 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-04 11:06 . 2012-06-13 22:49 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 22:49 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 22:49 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DUControl"="c:\program files\DirectUpdate v4\DUControl.exe" [2011-03-03 52464]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "agentantidote.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" [2012-02-23 943168]
    "agentantidote64.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" [2012-02-23 77888]
    "NcpBudgetGui"="c:\program files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" [2010-01-29 1032192]
    "NcpPopup"="c:\program files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" [2010-01-13 579072]
    "NcpMonitor"="c:\program files (x86)\WatchGuard\Mobile VPN\ncpmon.exe" [2010-02-24 6637056]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    .
    c:\users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    DealFinder.lnk - c:\program files (x86)\AA\DealFinder\DealFinder\DealFinder.exe [N/A]
    ECM Engine.lnk - c:\program files (x86)\Brultech\ECM-1240 EngineG\EngineG.exe [2011-8-4 1748992]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-4 113664]
    Logitech Media Server Tray Tool.lnk - c:\program files (x86)\Squeezebox\SqueezeTray.exe [2011-11-11 3051619]
    Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2011-8-4 303456]
    Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2011-5-20 41051]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-08 49152]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
    R3 ALSysIO;ALSysIO;c:\users\Allan\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-16 1436424]
    R3 GPU-Z;GPU-Z;c:\users\Allan\AppData\Local\Temp\GPU-Z.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-09-01 317440]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-01 113120]
    R3 ncpfilt;WatchGuard Filter;c:\windows\system32\DRIVERS\ncplelhp.sys [2010-02-23 151272]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2005-04-13 30720]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-27 1255736]
    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2010-10-06 179752]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-05-20 20549]
    S2 DHCPServer;DHCP Server;c:\program files (x86)\DHCP Server\dhcpsrv.exe [2011-08-26 102400]
    S2 ncpclcfg;ncpclcfg;c:\program files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe [2008-06-30 86016]
    S2 ncprwsnt;ncprwsnt;c:\program files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe [2010-02-25 1389576]
    S2 NcpSec;NcpSec;c:\program files (x86)\WatchGuard\Mobile VPN\ncpsec.exe [2010-02-05 97280]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-02-09 31408]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-11-16 121832]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-11-16 364520]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
    S3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys [2010-02-23 151272]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-25 174184]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 12:52]
    .
    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 03:22]
    .
    2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 03:22]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Save video on Savevid.com - c:\program files (x86)\SavevidPlug-in\redirect.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649}: NameServer = 209.226.175.236,66.158.128.37,198.235.216.130
    Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll
    DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} - hxxp://www.myplaydownload.com/HipDigitalDownloadManager.cab
    FF - ProfilePath - c:\users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\qi8mf2qa.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-msidt - c:\users\Allan\AppData\Roaming\msidt.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
    c:\progra~2\SQUEEZ~1\server\SQUEEZ~3.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-08-01 00:58:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-01 04:58
    .
    Pre-Run: 29,448,048,640 bytes free
    Post-Run: 60,274,364,416 bytes free
    .
    - - End Of File - - 2AD40439B8C535C83F02AB63BF55A8A7
     
  6. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Looks good :)

    How is computer doing?

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. Allan Yates

    Allan Yates TS Rookie Topic Starter Posts: 16

    Computer seems to be working fine again. No redirects from Google. Thanks!

    OTL logfile created on: 8/1/2012 11:19:25 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = d:\Users\Allan\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.98 Gb Total Physical Memory | 13.44 Gb Available Physical Memory | 84.14% Memory free
    31.96 Gb Paging File | 29.60 Gb Available in Paging File | 92.62% Paging File free
    Paging file location(s): d:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 56.72 Gb Free Space | 50.78% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 1317.95 Gb Free Space | 70.74% Space Free | Partition Type: NTFS
    Drive F: | 1863.01 Gb Total Space | 684.36 Gb Free Space | 36.73% Space Free | Partition Type: NTFS

    Computer Name: PUGET-87649 | User Name: Allan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/01 23:09:02 | 000,597,504 | ---- | M] (OldTimer Tools) -- d:\Users\Allan\Desktop\OTL.exe
    PRC - [2012/07/31 20:27:23 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
    PRC - [2012/02/22 21:12:42 | 000,943,168 | ---- | M] (Druide informatique inc.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
    PRC - [2012/02/09 13:15:06 | 000,031,408 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2011/10/18 12:21:52 | 014,078,049 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
    PRC - [2011/10/18 12:20:24 | 003,051,619 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
    PRC - [2011/08/26 18:22:52 | 000,102,400 | ---- | M] (Uwe A. Ruttkamp) -- C:\Program Files (x86)\DHCP Server\dhcpsrv.exe
    PRC - [2011/05/21 01:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/04/30 03:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/10/06 00:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/10/06 00:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/02/05 11:02:10 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPSEC.EXE
    PRC - [2010/01/29 13:27:58 | 001,032,192 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe
    PRC - [2008/06/30 12:22:40 | 000,086,016 | ---- | M] (NCP engineering GmbH) -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/01 19:38:49 | 000,028,809 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\87fe0906e4bfbcec428293cf9a5ac335\NetResource.dll
    MOD - [2012/08/01 00:57:02 | 000,098,415 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
    MOD - [2012/08/01 00:57:00 | 000,061,547 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\bc147d83c7c868eeee67082dcf55430c\File.dll
    MOD - [2012/08/01 00:57:00 | 000,032,881 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\b6bd87c968599725b8ab2e5c25d3046a\API.dll
    MOD - [2012/08/01 00:57:00 | 000,017,920 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
    MOD - [2012/08/01 00:56:52 | 004,547,584 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\951e8057c3fe65524966ea64dff289ac\Scan.dll
    MOD - [2012/08/01 00:56:52 | 000,608,256 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
    MOD - [2012/08/01 00:56:52 | 000,361,472 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
    MOD - [2012/08/01 00:56:52 | 000,182,272 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\d0bf009923f29116535c26d228271d6d\Scan.dll
    MOD - [2012/08/01 00:56:52 | 000,110,705 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\7f2598c08178217a0e2c754f3d568f28\Byte.dll
    MOD - [2012/08/01 00:56:52 | 000,061,546 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
    MOD - [2012/08/01 00:56:52 | 000,032,878 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
    MOD - [2012/08/01 00:56:52 | 000,030,208 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
    MOD - [2012/08/01 00:56:52 | 000,028,774 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
    MOD - [2012/08/01 00:56:52 | 000,024,701 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
    MOD - [2012/08/01 00:56:52 | 000,024,695 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
    MOD - [2012/08/01 00:56:52 | 000,024,679 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
    MOD - [2012/08/01 00:56:52 | 000,024,672 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\17d0b152e63e6bfe81b4b19588538896\mro.dll
    MOD - [2012/08/01 00:56:52 | 000,024,670 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
    MOD - [2012/08/01 00:56:52 | 000,020,596 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\3b7106dd14676048b10bbb09a990f74c\XS.dll
    MOD - [2012/08/01 00:56:52 | 000,020,596 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
    MOD - [2012/08/01 00:56:52 | 000,020,592 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\b979ace6da01e63d651cce9ee2474fdc\Name.dll
    MOD - [2012/08/01 00:56:52 | 000,020,587 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\c668a322917d32a5ea22894518aa9897\Base64.dll
    MOD - [2012/08/01 00:56:51 | 000,184,414 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\bd5179a413bc0c4b82eedc22c6cab101\re.dll
    MOD - [2012/08/01 00:56:51 | 000,138,752 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\44727051c604ef6b79894b64d4c63832\Expat.dll
    MOD - [2012/08/01 00:56:51 | 000,118,918 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
    MOD - [2012/08/01 00:56:51 | 000,094,334 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\eb138ef0e4282611dbf485a302784646\LibYAML.dll
    MOD - [2012/08/01 00:56:51 | 000,090,213 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
    MOD - [2012/08/01 00:56:51 | 000,082,048 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
    MOD - [2012/08/01 00:56:51 | 000,082,033 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
    MOD - [2012/08/01 00:56:51 | 000,077,824 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\7f177c338672436e01c4f0bdbcf94491\EV.dll
    MOD - [2012/08/01 00:56:51 | 000,061,540 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\e56c61f7248672819579325af3387035\POSIX.dll
    MOD - [2012/08/01 00:56:51 | 000,053,340 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
    MOD - [2012/08/01 00:56:51 | 000,041,080 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
    MOD - [2012/08/01 00:56:51 | 000,036,964 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\f233f63b6654362865c7577442edb9e3\Win32.dll
    MOD - [2012/08/01 00:56:51 | 000,030,720 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
    MOD - [2012/08/01 00:56:51 | 000,028,779 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
    MOD - [2012/08/01 00:56:51 | 000,024,694 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\c344fd5536724b2af2e6453833b60203\SHA1.dll
    MOD - [2012/08/01 00:56:51 | 000,024,681 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
    MOD - [2012/08/01 00:56:51 | 000,024,679 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
    MOD - [2012/08/01 00:56:51 | 000,024,676 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
    MOD - [2012/08/01 00:56:51 | 000,020,601 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\4461f48e31bde5c56b31b973b773de09\List.dll
    MOD - [2012/08/01 00:56:51 | 000,020,590 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
    MOD - [2012/08/01 00:56:51 | 000,020,590 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
    MOD - [2012/08/01 00:56:51 | 000,020,576 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
    MOD - [2012/08/01 00:56:51 | 000,001,024 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
    MOD - [2012/08/01 00:56:47 | 000,184,414 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\bd5179a413bc0c4b82eedc22c6cab101\re.dll
    MOD - [2012/08/01 00:56:47 | 000,118,918 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
    MOD - [2012/08/01 00:56:47 | 000,094,334 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\eb138ef0e4282611dbf485a302784646\LibYAML.dll
    MOD - [2012/08/01 00:56:47 | 000,082,048 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
    MOD - [2012/08/01 00:56:47 | 000,082,033 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
    MOD - [2012/08/01 00:56:47 | 000,061,540 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\e56c61f7248672819579325af3387035\POSIX.dll
    MOD - [2012/08/01 00:56:47 | 000,053,340 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
    MOD - [2012/08/01 00:56:47 | 000,036,964 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\f233f63b6654362865c7577442edb9e3\Win32.dll
    MOD - [2012/08/01 00:56:47 | 000,032,878 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
    MOD - [2012/08/01 00:56:47 | 000,028,779 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
    MOD - [2012/08/01 00:56:47 | 000,028,774 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
    MOD - [2012/08/01 00:56:47 | 000,024,701 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\93e7e3d6030f426844228042348210cf\Service.dll
    MOD - [2012/08/01 00:56:47 | 000,024,701 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
    MOD - [2012/08/01 00:56:47 | 000,024,679 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
    MOD - [2012/08/01 00:56:47 | 000,024,676 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
    MOD - [2012/08/01 00:56:47 | 000,020,601 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\4461f48e31bde5c56b31b973b773de09\List.dll
    MOD - [2012/08/01 00:56:47 | 000,020,590 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
    MOD - [2012/08/01 00:56:47 | 000,020,576 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
    MOD - [2012/06/21 23:16:50 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8036b60a803443f3c61c48b4959f722d\IAStorUtil.ni.dll
    MOD - [2012/06/21 22:32:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/21 22:32:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/14 07:24:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/14 07:23:54 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/14 07:23:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/14 07:23:51 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/14 07:23:48 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/11/18 17:23:20 | 000,202,320 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\imageformats\qjpeg4.dll
    MOD - [2011/11/18 17:23:14 | 000,032,336 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\imageformats\qgif4.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/01/29 13:27:58 | 001,032,192 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe
    MOD - [2010/01/21 18:26:38 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPMIF32.DLL
    MOD - [2009/11/27 11:11:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.dll
    MOD - [2009/10/21 12:29:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPDLG.DLL
    MOD - [2002/06/28 10:16:42 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPCFG.DLL


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/15 21:26:35 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/03/02 21:46:52 | 000,324,336 | ---- | M] (WildUP) [Auto | Running] -- C:\Program Files\DirectUpdate v4\DUEngine.exe -- (DirectUpdate)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV - [2012/08/01 00:09:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/31 20:27:23 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe -- (ScsiAccess)
    SRV - [2012/07/27 08:52:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/02/09 13:15:06 | 000,031,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/26 18:22:52 | 000,102,400 | ---- | M] (Uwe A. Ruttkamp) [Auto | Running] -- C:\Program Files (x86)\DHCP Server\dhcpsrv.exe -- (DHCPServer)
    SRV - [2011/05/21 01:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/10/06 00:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/10/06 00:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/25 09:29:20 | 001,389,576 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe -- (ncprwsnt)
    SRV - [2010/02/05 11:02:10 | 000,097,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPSEC.EXE -- (NcpSec)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/06/30 12:22:40 | 000,086,016 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe -- (ncpclcfg)
    SRV - [2008/06/13 04:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
    SRV - [2007/02/08 00:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) [Auto | Stopped] -- C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/13 10:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2012/04/13 10:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/07 10:24:12 | 000,152,064 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
    DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2011/05/25 02:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/26 14:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/15 22:05:02 | 000,364,520 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2010/11/15 22:05:00 | 000,121,832 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2010/10/26 14:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/10/06 01:55:10 | 000,179,752 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
    DRV:64bit: - [2010/10/02 08:14:36 | 012,157,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/09/21 12:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/09/01 00:07:06 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/02/23 10:31:32 | 000,151,272 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ncplelhp.sys -- (ncplelhp)
    DRV:64bit: - [2010/02/23 10:31:32 | 000,151,272 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ncplelhp.sys -- (ncpfilt)
    DRV:64bit: - [2009/12/31 06:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2009/09/22 21:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2005/04/13 17:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0801.sys -- (tap0801)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
    IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 7D 79 C6 5D 4C CC 01 [binary data]
    IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.0.3: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.0.3: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/03/27 21:22:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 00:09:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D79099A3-D608-11E1-8270-B8AC6F996F26}: C:\Users\Allan\AppData\Local\{D79099A3-D608-11E1-8270-B8AC6F996F26}\ [2012/07/24 23:28:52 | 000,000,000 | ---D | M]

    [2012/03/09 19:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allan\AppData\Roaming\Mozilla\Extensions
    [2012/05/02 00:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\qi8mf2qa.default\extensions
    [2012/03/27 21:41:27 | 000,000,000 | ---D | M] ("Savevid.com Easy Video Downloader") -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\qi8mf2qa.default\extensions\ffmenu@savevid.com
    [2012/04/26 17:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/24 23:28:52 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ALLAN\APPDATA\LOCAL\{D79099A3-D608-11E1-8270-B8AC6F996F26}
    [2012/08/01 00:09:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/08/01 00:56:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [msidt] "C:\Windows\System32\rundll32.exe" "C:\Users\Allan\AppData\Roaming\msidt.dll",GetDesc File not found
    O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.)
    O4 - HKLM..\Run: [agentantidote64.exe] C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe (Druide informatique inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [NcpBudgetGui] C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe ()
    O4 - HKLM..\Run: [NcpMonitor] C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpmon.exe (NCP engineering GmbH)
    O4 - HKLM..\Run: [NcpPopup] C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe ()
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKU\S-1-5-21-3441346276-128489596-481474319-1000..\Run: [DUControl] C:\Program Files\DirectUpdate v4\DUControl.exe (WildUP)
    O4 - Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnk = File not found
    O4 - Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ECM Engine.lnk = C:\Program Files (x86)\Brultech\ECM-1240 EngineG\EngineG.exe (Brultech Research Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3441346276-128489596-481474319-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm ()
    O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} http://www.myplaydownload.com/HipDigitalDownloadManager.cab (Hip Digital Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lcs.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab (GpcContainer Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649}: NameServer = 209.226.175.236,66.158.128.37,198.235.216.130
    O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  8. Allan Yates

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/01 23:09:02 | 000,597,504 | ---- | C] (OldTimer Tools) -- d:\Users\Allan\Desktop\OTL.exe
    [2012/08/01 00:58:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/01 00:56:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/01 00:52:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/01 00:52:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/01 00:52:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/01 00:52:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/01 00:52:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/01 00:43:51 | 004,721,982 | R--- | C] (Swearware) -- d:\Users\Allan\Desktop\ComboFix.exe
    [2012/08/01 00:13:12 | 000,000,000 | ---D | C] -- d:\Users\Allan\Desktop\RK_Quarantine
    [2012/08/01 00:13:01 | 004,731,392 | ---- | C] (AVAST Software) -- d:\Users\Allan\Desktop\aswMBR.exe
    [2012/07/31 22:11:43 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Malwarebytes
    [2012/07/31 22:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/31 20:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer
    [2012/07/27 00:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/07/26 19:21:09 | 000,000,000 | ---D | C] -- d:\Users\Allan\Desktop\Nicks Europe Photos
    [2012/07/24 23:28:52 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\{D79099A3-D608-11E1-8270-B8AC6F996F26}
    [2012/07/17 22:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/07/16 06:52:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canon MyCameraFiles
    [2012/07/16 06:49:12 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Canon_Inc_IC
    [2012/07/16 06:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon_Inc_IC
    [2012/07/16 06:47:32 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\canon
    [2012/07/16 06:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon_Inc_IC

    ========== Files - Modified Within 30 Days ==========

    [2012/08/01 23:09:02 | 000,597,504 | ---- | M] (OldTimer Tools) -- d:\Users\Allan\Desktop\OTL.exe
    [2012/08/01 22:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/01 22:42:08 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/01 13:42:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/01 08:31:26 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/01 08:31:26 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/01 01:01:49 | 000,801,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/01 01:01:49 | 000,676,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/01 01:01:49 | 000,128,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/01 00:56:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/01 00:56:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/01 00:56:37 | 4277,587,966 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/01 00:43:54 | 004,721,982 | R--- | M] (Swearware) -- d:\Users\Allan\Desktop\ComboFix.exe
    [2012/08/01 00:24:37 | 000,000,512 | ---- | M] () -- d:\Users\Allan\Desktop\MBR.dat
    [2012/08/01 00:13:27 | 004,731,392 | ---- | M] (AVAST Software) -- d:\Users\Allan\Desktop\aswMBR.exe
    [2012/08/01 00:12:51 | 001,552,384 | ---- | M] () -- d:\Users\Allan\Desktop\RogueKiller.exe
    [2012/07/30 08:36:02 | 000,002,034 | -H-- | M] () -- d:\Users\Allan\Documents\Default.rdp
    [2012/07/27 23:36:31 | 000,398,559 | ---- | M] () -- d:\Users\Allan\Desktop\3c.jpeg
    [2012/07/27 20:10:06 | 063,155,958 | ---- | M] () -- d:\Users\Allan\Desktop\TMB Topo Map with Route.bmp
    [2012/07/27 14:01:19 | 063,155,958 | ---- | M] () -- d:\Users\Allan\Desktop\TMB Topo Map.bmp
    [2012/07/23 16:27:47 | 000,491,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/08/01 00:52:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/01 00:52:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/01 00:52:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/01 00:52:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/01 00:52:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/01 00:19:23 | 000,000,512 | ---- | C] () -- d:\Users\Allan\Desktop\MBR.dat
    [2012/08/01 00:12:51 | 001,552,384 | ---- | C] () -- d:\Users\Allan\Desktop\RogueKiller.exe
    [2012/07/28 00:40:51 | 063,155,958 | ---- | C] () -- d:\Users\Allan\Desktop\TMB Topo Map.bmp
    [2012/07/27 23:35:13 | 000,398,559 | ---- | C] () -- d:\Users\Allan\Desktop\3c.jpeg
    [2012/07/27 18:36:20 | 063,155,958 | ---- | C] () -- d:\Users\Allan\Desktop\TMB Topo Map with Route.bmp
    [2012/04/06 11:30:23 | 000,038,260 | ---- | C] () -- C:\Users\Allan\logo.miff
    [2012/04/06 09:02:22 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2012/04/06 09:02:22 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2012/04/06 09:02:06 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2012/04/06 08:52:58 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012/04/06 08:52:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2012/04/01 12:16:04 | 000,000,218 | ---- | C] () -- C:\Users\Allan\.recently-used.xbel
    [2012/03/28 17:15:36 | 000,005,120 | ---- | C] () -- C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/10 13:45:30 | 000,000,000 | ---- | C] () -- C:\Windows\midilib.INI
    [2012/02/07 16:44:19 | 000,000,085 | ---- | C] () -- C:\Windows\Antidote7.ini
    [2012/01/23 19:09:10 | 000,000,148 | -H-- | C] () -- C:\Windows\SysWow64\WN125047.bin
    [2012/01/23 19:09:10 | 000,000,148 | -H-- | C] () -- C:\Windows\AC841540.bin
    [2012/01/02 23:30:12 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
    [2011/10/06 21:22:44 | 000,000,291 | ---- | C] () -- C:\Users\Allan\AppData\Roaming\turing_files.ini
    [2011/09/24 21:33:58 | 000,225,412 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/08/04 21:48:55 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
    [2011/08/04 17:57:30 | 000,007,610 | ---- | C] () -- C:\Users\Allan\AppData\Local\Resmon.ResmonCfg
    [2011/07/27 18:36:20 | 000,817,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/27 18:32:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
    [2011/07/27 18:24:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/07/27 09:08:29 | 000,798,716 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/07/27 09:08:29 | 000,201,920 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/07/27 09:08:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/05/21 01:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2010/11/20 23:24:22 | 000,027,650 | ---- | C] () -- C:\Windows\SysWow64\eysusys.dll

    ========== LOP Check ==========

    [2012/04/15 22:58:32 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Autodesk
    [2011/11/10 23:49:30 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Azureus
    [2012/07/16 06:47:32 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\canon
    [2012/07/16 06:49:12 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Canon_Inc_IC
    [2012/01/11 19:09:04 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/01/10 22:37:33 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2012/01/17 14:52:03 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\com.skinkers.aa
    [2012/01/23 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Druide
    [2011/08/04 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Easy Thumbnails
    [2011/11/20 22:28:17 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\FileOpen
    [2012/04/15 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\fltk.org
    [2012/03/05 21:56:59 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\FrontDesign
    [2011/08/05 19:03:31 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\gPhotoShow
    [2012/04/01 12:01:44 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\gtk-2.0
    [2011/08/03 22:13:00 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Helios
    [2011/08/15 21:20:16 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\jAlbum
    [2011/07/27 20:50:30 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\MAXON
    [2012/01/02 23:29:11 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\MyPublisher
    [2011/08/04 11:31:18 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Netscape
    [2012/01/11 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\PDAppFlex
    [2012/07/31 20:26:54 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Photodex
    [2012/04/15 17:32:31 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\PStill
    [2012/06/22 12:48:57 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Research In Motion
    [2011/09/20 19:23:07 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Softland
    [2011/09/01 15:05:26 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\WatchGuard
    [2012/07/30 08:34:32 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\webex
    [2012/05/20 19:08:18 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:7F80734C
    @Alternate Data Stream - 180 bytes -> d:\Users\Allan\Desktop\3c.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8C35AEA7
    < End of report >
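The three alternate data streams OTL lists at the end of this report are worth inspecting rather than deleting on sight: OTL reports only the stream name and its size, and a named stream can hold anything from an installer's bookkeeping to a dropped payload. The PowerShell below is an added example for this thread, not OTL output and not code from the original post. It enumerates the named streams on the two paths from the log (assumed to still exist on the machine; edit the list for your own case), hex-dumps the first bytes of each so the content can be judged, and shows the per-stream removal command commented out. It needs PowerShell 3.0 or later for the -Stream parameters; Windows 7 shipped with 2.0, and Windows Management Framework 3.0 adds them.

```powershell
# Added example for this thread; not OTL output and not code from the original post.
# Requires PowerShell 3.0+ (the -Stream parameters on Get-Item/Get-Content/Remove-Item).
# Run from an elevated prompt so C:\ProgramData is readable.

# Paths taken from the OTL "Alternate Data Streams" section above.
# Assumption: they still exist on the machine; adjust for your own case.
$Targets = @(
    'C:\ProgramData\TEMP',
    'D:\Users\Allan\Desktop\3c.jpeg'
)

function Get-AdsReport {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [int]$PreviewBytes = 64
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not found: $p"
            continue
        }
        # ':$DATA' is the file's normal content; everything else is a named stream.
        $streams = Get-Item -LiteralPath $p -Stream * -ErrorAction Stop |
            Where-Object { $_.Stream -ne ':$DATA' }

        foreach ($s in $streams) {
            $hex = ''; $ascii = ''; $err = ''
            try {
                # Read the stream as raw bytes (Windows PowerShell syntax; PS 7 uses -AsByteStream).
                $bytes = @(Get-Content -LiteralPath $p -Stream $s.Stream -Encoding Byte -ReadCount 0 -ErrorAction Stop)
                if ($bytes.Count -gt 0) {
                    $last  = [Math]::Min($bytes.Count, $PreviewBytes) - 1
                    $slice = $bytes[0..$last]
                    $hex   = ($slice | ForEach-Object { $_.ToString('x2') }) -join ' '
                    # Printable ASCII only; anything else becomes '.', as in a hex editor.
                    $ascii = -join ($slice | ForEach-Object {
                        if ($_ -ge 0x20 -and $_ -le 0x7e) { [char]$_ } else { '.' } })
                }
            } catch {
                # Reading a stream on a directory can fail from PowerShell; see the note below.
                $err = $_.Exception.Message
            }
            [pscustomobject]@{
                Path   = $p
                Stream = $s.Stream
                Length = $s.Length
                Hex    = $hex
                Ascii  = $ascii
                Error  = $err
            }
        }
    }
}

Get-AdsReport -Path $Targets | Format-List

# Once a stream is judged unwanted, remove just that stream; the host file is untouched:
#   Remove-Item -LiteralPath 'C:\ProgramData\TEMP' -Stream '7F80734C'
```

If the host object is a directory rather than a file and Get-Content refuses to open the stream, the same bytes can be read from cmd.exe with `more < "C:\ProgramData\TEMP:7F80734C"`, and `dir /R C:\ProgramData` (Vista and later) lists every stream with its size. Compare what you see against the sizes OTL reported (186, 180 and 129 bytes) before removing anything, and keep a copy of the stream content if you intend to ask the helper in this thread about it.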
     
  9. Allan Yates


    OTL Extras logfile created on: 8/1/2012 11:19:25 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = d:\Users\Allan\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.98 Gb Total Physical Memory | 13.44 Gb Available Physical Memory | 84.14% Memory free
    31.96 Gb Paging File | 29.60 Gb Available in Paging File | 92.62% Paging File free
    Paging file location(s): d:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.69 Gb Total Space | 56.72 Gb Free Space | 50.78% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 1317.95 Gb Free Space | 70.74% Space Free | Partition Type: NTFS
    Drive F: | 1863.01 Gb Total Space | 684.36 Gb Free Space | 36.73% Space Free | Partition Type: NTFS

    Computer Name: PUGET-87649 | User Name: Allan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [gPhotoShow] -- "C:\Program Files (x86)\gPhotoShow\gPhotoShow.exe" /f "%1" (Gianpaolo Bottin)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [gPhotoShow] -- "C:\Program Files (x86)\gPhotoShow\gPhotoShow.exe" /f "%1" (Gianpaolo Bottin)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
    "9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
    "9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
    "9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
    "9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
    "9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
    "9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
    "9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
    "9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
    "9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
    "9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
    "9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
    "8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
    "10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
    "9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
    "3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
    "3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
    "9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
    "9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
    "9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
    "9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
    "9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
    "9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
    "9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
    "9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
    "9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
    "9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
    "9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
    "8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
    "10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
    "9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
    "3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
    "3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0264E87F-0B98-4882-996C-096AA2A6C1D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{086D3D29-BD67-49A2-96F3-439134B70DC1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0BBBD06E-8739-4812-8EE2-AA681DA71FFE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{1519AD4D-E411-41BC-BD1B-CEBABDBAA4A6}" = lport=80 | protocol=6 | dir=in | name=apache webserver |
    "{1A22EC7A-AD9D-4BD2-A35D-55ABDC24B2F4}" = lport=3389 | protocol=6 | dir=in | app=system |
    "{1BFEDEAF-1772-4AE7-BE07-88FAAC513544}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{2078CB1A-7A4D-463F-B0F5-2801D0D64BFF}" = rport=139 | protocol=6 | dir=out | app=system |
    "{22F13453-1E45-496B-A6EA-B50903A16FBB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{257889E0-A93A-4680-9B4F-9044A987288A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{3474BFE8-DC1D-4DBB-96FC-1EA6C060B038}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{38A9F59F-9145-405C-8D3B-CB1201C28522}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3A3B6D7C-191F-4401-BBC8-529ED67D4510}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3CC24135-2D97-4C35-A8EF-9F9770A6434D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4540F77C-C602-498E-983A-52B7099AE557}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{474F1518-C6F7-4B55-AF3B-97539C4F4754}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{530E4A17-97D1-4D67-AB44-3FE10F8E8979}" = rport=445 | protocol=6 | dir=out | app=system |
    "{5B92816A-3D16-463F-A4C3-36559A2AF620}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{874558E6-9E63-4E77-949F-5F583FFA9160}" = rport=138 | protocol=17 | dir=out | app=system |
    "{8B5360EB-A5D8-454A-A5B0-A4D946F4FA42}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{9A156EA7-357C-4DDE-9831-790949B1929B}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9DFA9C60-978E-47B6-9EE6-1F78443A740A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9FA08A86-F30E-48E9-B27E-E25A202A527B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A072A2A1-53F9-4F15-B00A-B4CF4A0D6F99}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A3461BB5-22AD-42EF-9BD4-CC9777DEDFB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A8AA6793-03B2-42CA-88DC-A8C07573B0A9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AC7931F3-59C4-4E70-8593-D2C8B8735432}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B234B6C1-A6B4-4C68-BF59-5B538BADEB21}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{B35796C0-4565-4F2E-AD55-14C9E3294838}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B569D0C9-4024-4350-B076-04DCEB51F3FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BB88C9C6-6E1B-4467-ABFA-954027B23A97}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{BBD7EFF0-9EB4-4884-9AC1-428576ACFAB4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{ED4DD9B5-8A1C-49A6-BA76-4B79F2815139}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07FFDA56-F799-46AD-9155-09D615227202}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{08171927-D351-49ED-9C38-6769BFAAD4A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{0AE24F91-CCF4-4D27-8CD1-7433B9AF91EF}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
    "{11B5B6A5-A5BF-461D-A7A1-5417B622643C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{13708D3C-30BF-4946-A752-0D7E551A96AC}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
    "{1A74547B-FD9F-4C52-88C0-A958EF8AE707}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1E64A82C-5013-4355-8027-97A146E50F42}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{269AB9BA-A3CA-4F2D-9DFF-F6B10AD10386}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{2AFD00E1-FBCA-4B6A-A7ED-000BB66284DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2B8FB67F-7AEA-46AC-8FEC-84786F9795B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2C8D65E1-7E96-45A3-BC40-CE4DEAF28065}" = protocol=6 | dir=in | app=c:\program files (x86)\dhcp server\dhcpsrv.exe |
    "{3BB3077F-E3F6-4038-8E54-1AF029D1E691}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3C7CFD72-794D-43CF-8675-139F8A28AA5F}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{3D8DF630-0101-4BA1-AE65-FC9682B1B36C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{435244E4-281F-4DE9-BD2A-393863E07D33}" = protocol=6 | dir=out | app=system |
    "{43C96C32-CAFF-4802-8C9F-598805E448A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4EF59B3D-0659-4893-98B5-534BF299097B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5477173B-E2AB-42EB-A46D-82AF062613E8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{5C6E0004-D9A2-4ABB-80E0-E771FECE3B97}" = protocol=17 | dir=in | app=c:\program files (x86)\dhcp server\dhcpsrv.exe |
    "{79751273-3C54-496F-B3DC-057CEBD6CBFE}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
    "{80EE1E01-E294-4E16-90F2-F250446CF73E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{822BDB13-72D0-417E-8A7E-18AFDEBB4DB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8CB44C8B-29FD-45A9-8B8C-791FC6A9F360}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{8D9AB667-2B05-4D00-B87E-11381DD63C97}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8EA832AE-FD3C-4D0F-9CAE-A3DB6B0B8035}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{8EC3BBDA-BB8E-49DD-A4FD-A963F28B1B64}" = protocol=17 | dir=in | app=c:\program files (x86)\dhcp server\dhcpsrv.exe |
    "{967336DD-2090-4976-ACF0-E4490A1005DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{97A8C92D-89B7-4A8F-B862-47C3E9C75F4F}" = protocol=6 | dir=in | app=c:\program files (x86)\dhcp server\dhcpsrv.exe |
    "{99F9C4C1-F963-442E-BBA4-3F8F036C0AF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9E7B5671-C599-449C-8D77-9D3671E45204}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{B2418DE8-7AF1-4FC1-B70E-80C95D58F6EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B97DA5B7-50C6-4167-8006-54D7AB9DF1A0}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
    "{BAA71DA3-0B95-4CF8-B2C9-0CB6767511D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C65D9E32-8655-4B1D-A140-A27F1DBA3FF0}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
    "{CADB58BC-0F7D-494E-9B59-E37D1C04F19E}" = protocol=6 | dir=in | app=c:\program files (x86)\ultidev\cassini web server for asp.net 2.0\ultidevcassinwebserver2a.exe |
    "{D6EE6931-5BFC-4C21-9E71-E29711A0FA65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{DBA43932-0681-406F-93FE-D902867C194B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EAF92EA3-852D-43A5-BC52-C9BDA60BEA03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EC369A57-55D0-44D5-B407-1CF52F0ACB65}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
    "{F30D0173-A6BD-4A77-80C3-E49282317B3A}" = protocol=17 | dir=in | app=c:\program files (x86)\ultidev\cassini web server for asp.net 2.0\ultidevcassinwebserver2a.exe |
    "TCP Query User{22301796-4ED1-4FD9-97AC-28F8D14A83A0}C:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe |
    "TCP Query User{5CCE6418-78C7-44EE-904A-1EB7779E76BA}C:\program files\crestron\toolbox\vptcomserver.exe" = protocol=6 | dir=in | app=c:\program files\crestron\toolbox\vptcomserver.exe |
    "TCP Query User{A01C448C-683C-4937-ABDA-43841BF98188}C:\program files (x86)\watchguard\mobile vpn\ncpmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\watchguard\mobile vpn\ncpmon.exe |
    "TCP Query User{A34816C6-DF50-4A07-A888-6C8D24DBC848}C:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe |
    "TCP Query User{DEB9F383-1221-41F5-AAA3-8FF4592DCB6A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{1A01D6C1-D61D-43F4-890E-0B9BC9A94917}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
    "UDP Query User{48A0B7D5-9946-47B2-860A-04A6C0F7E4B0}C:\program files (x86)\watchguard\mobile vpn\ncpmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\watchguard\mobile vpn\ncpmon.exe |
    "UDP Query User{5614309D-94C9-4775-84DD-D9D23A8BC155}C:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe |
    "UDP Query User{599B08E9-D646-4876-83D0-8C043F2AB836}C:\program files\crestron\toolbox\vptcomserver.exe" = protocol=17 | dir=in | app=c:\program files\crestron\toolbox\vptcomserver.exe |
    "UDP Query User{6B0A25BD-F23F-4F59-8396-257D0634F0BB}C:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{860FA5E2-DF36-4BFB-8807-68E688339BE0}" = ActivePerl 5.12.4 Build 1205 (64-bit)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8F52FAFD-0EC6-4DC1-84F7-2B5CDB445B75}" = Brultech Electricity Monitor Dashboard
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "{94D463D0-2B13-4181-9512-B27004B1151A}" = Autodesk Revit Architecture 2011 x64
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "900DDDE94EEFE76C6AE6B7E554E4DD2FBF7E9BCD" = Windows Driver Package - Crestron Electronics Inc. (WinUSB) USB (08/27/2009 6.1.7600.16385)
    "Autodesk Revit Architecture 2011 x64" = Autodesk Revit Architecture 2011 x64
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "DirectUpdate_is1" = DirectUpdate
    "MediaInfo" = MediaInfo 0.7.54
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{029A95A8-E814-4760-B5A1-0D46E2D62FB1}" = PHP 5.2.17
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
    "{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
    "{32ACB1D7-F25D-49B5-8463-1D8CE354A1CF}" = ReadMyHeart Software
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3ACB6AF7-5C8F-4272-B487-7F6FBBEB8A5A}" = Intel® Solid-State Drive Toolbox
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40247AAC-AB0D-449C-882F-90401C3351E8}" = UltiDev Cassini Web Server Explorer
    "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
    "{443CBE24-0679-4027-9C36-66F129E009C5}" = Crestron Database
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-290C
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    "{56CDB4FE-895F-4E0D-8BB4-9A8D4310898D}" = Antidote HD
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6686F38D-1A32-4A8C-94D7-A2AA9C5F3C9B}" = Crestron Device Database
    "{6FCEFE16-0A8E-4F79-A642-49582DD25F3A}" = RealDownloader
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.19
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
    "{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B42A6A6-035B-43FC-A7AC-C99F1D084384}" = SIMPL Windows v2.11
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA3983BF-9B72-484E-972A-E47BBAFA9CCA}" = VisionTools Pro-e v4.0
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AFC49757-08F4-44BB-84DF-E218DD75DA88}" = jAlbum
    "{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
    "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
    "{CFEDA22F-435D-4891-913A-75B80D8159B8}" = Crestron Toolbox v1.15
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D758ECE8-6579-4CCD-8B1D-8BD3C3275370}" = QLink 4.82
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
    "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
    "{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v5
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6C8DAED-8CC7-43FD-9DA4-1F629B873A17}" = UltiDev Cassini Web Server for ASP.NET 2.0
    "{FB97A745-D1E6-435D-B942-264E94F89938}" = SIMPL+ Cross Compiler
    "{FEBE8B16-8288-46CE-BE7C-B6B0F4B62720}" = QLink
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
    "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Apex TIFF to PDF Converter 2.3.8.2" = Apex TIFF to PDF Converter 2.3.8.2
    "Autodesk Design Review 2011" = Autodesk Design Review 2011
    "AWStats" = AWStats
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
    "CameraUserGuide-PSSX210IS" = Canon PowerShot SX210 IS Camera User Guide
    "CameraUserGuide-PSSX260HSandSX240HS" = Canon PowerShot SX260 HS and SX240 HS Camera User Guide
    "CameraWindowDC" = Canon Utilities CameraWindow DC 8
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
    "Easy HTML Autorun Builder" = Easy HTML Autorun Builder
    "Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
    "ECM-1240 EngineG_is1" = ECM-1240 EngineG
    "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
    "Front Panel Designer" = Front Panel Designer
    "FrostWire 5" = FrostWire 5.2.9
    "gPhotoShow_is1" = gPhotoShow Pro v5.2.1
    "GPStill" = PStill PostScript to PDF Converter (remove only)
    "ImageBrowser EX" = Canon Utilities ImageBrowser EX
    "ImageMagick 6.7.6 Q16_is1" = ImageMagick 6.7.6-4 Q16 (2012-04-01)
    "InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "Logitech Media Server_is1" = Logitech Media Server 7.7.0
    "MediaInfo" = MediaInfo 0.7.51 (32-bit)
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "mp3splt" = mp3splt
    "mp3splt-gtk" = mp3splt-gtk
    "mv61xxDriver" = marvell 61xx
    "MWSnap 3" = MWSnap 3
    "NCP RWS/GA" = WatchGuard Mobile VPN
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "OpenAL" = OpenAL
    "OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
    "Personal Printing Guide" = Canon Personal Printing Guide
    "Photodex Presenter" = Photodex Presenter
    "PhotoStitch" = Canon Utilities PhotoStitch
    "ProShow Gold" = ProShow Gold
    "ProShow Producer" = ProShow Producer
    "SaveVid Plug-in" = SaveVid Plug-in
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.8.0.723

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/27/2012 11:04:02 PM | Computer Name = Puget-87649 | Source = Brother BrLog | ID = 1001
    Description = TWN BrtTWN: [2012/07/27 23:04:02.732]: [00009736]: GetDeviceList Failed!
    pStiInfo = 0x0..

    Error - 7/27/2012 11:04:02 PM | Computer Name = Puget-87649 | Source = Brother BrLog | ID = 1001
    Description = TWN BrtTWN: [2012/07/27 23:04:02.732]: [00009736]: ##### Fatal ERROR!!
    Create STI-device failed! #####

    Error - 7/27/2012 11:04:02 PM | Computer Name = Puget-87649 | Source = Brother BrLog | ID = 1001
    Description = TWN BrtTWN: [2012/07/27 23:04:02.733]: [00009736]: Initialize TwdsMain
    Class failed!

    Error - 7/29/2012 1:31:21 AM | Computer Name = Puget-87649 | Source = Winlogon | ID = 4005
    Description = The Windows logon process has unexpectedly terminated.

    Error - 7/29/2012 2:15:21 AM | Computer Name = Puget-87649 | Source = Winlogon | ID = 4005
    Description = The Windows logon process has unexpectedly terminated.

    Error - 7/31/2012 5:56:13 PM | Computer Name = Puget-87649 | Source = WinMgmt | ID = 10
    Description =

    Error - 8/1/2012 12:25:51 AM | Computer Name = Puget-87649 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1f5c Start
    Time: 01cd6f999813b7a2 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id: f3efe179-db90-11e1-937d-02004e435049

    Error - 8/1/2012 12:27:28 AM | Computer Name = Puget-87649 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 9d0 Start
    Time: 01cd6f9dbcfb0a7d Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 8/1/2012 12:33:50 AM | Computer Name = Puget-87649 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 12b8 Start
    Time: 01cd6f9df59660fd Termination Time: 27 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 8/1/2012 12:50:56 AM | Computer Name = Puget-87649 | Source = WinMgmt | ID = 10
    Description =

    Error - 8/1/2012 12:58:24 AM | Computer Name = Puget-87649 | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 2/21/2012 7:29:23 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR5.

    Error - 2/21/2012 7:30:59 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR5.

    Error - 2/21/2012 7:30:59 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR5.

    Error - 2/21/2012 7:31:00 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR5.

    Error - 2/21/2012 7:31:00 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR5.

    Error - 2/21/2012 7:31:01 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk2\DR5.

    Error - 2/21/2012 8:00:07 AM | Computer Name = Puget-87649 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:40:01 AM on 2/21/2012 was unexpected.

    Error - 2/21/2012 6:18:13 PM | Computer Name = Puget-87649 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:23:58 AM on 2/21/2012 was unexpected.

    Error - 2/22/2012 10:33:47 PM | Computer Name = Puget-87649 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:05:58 PM on 2/22/2012 was unexpected.

    Error - 2/22/2012 10:34:01 PM | Computer Name = Puget-87649 | Source = BugCheck | ID = 1001
    Description =


    < End of report >
     
  10. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4:64bit: - HKLM..\Run: [msidt] "C:\Windows\System32\rundll32.exe" "C:\Users\Allan\AppData\Roaming\msidt.dll",GetDesc File not found
      O4 - Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnk = File not found
      [2012/01/02 23:30:12 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
      @Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:7F80734C
      @Alternate Data Stream - 180 bytes -> d:\Users\Allan\Desktop\3c.jpeg:3or4kl4x13tuuug3Byamue2s4b
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8C35AEA7
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
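A read-only audit of the three persistence spots the OTL fix above cleans (the HKLM Run entry that loads a DLL through rundll32, the Startup-folder shortcut, and the alternate data streams under ProgramData), as an added PowerShell example that is not part of this thread or of OTL. It assumes an elevated PowerShell 3.0 or later session on Windows 7 or newer and only reports; it deletes nothing.

```powershell
# Added example (not from this thread or from OTL): read-only audit of the three
# persistence locations targeted by the OTL fix. Assumes an elevated PowerShell 3.0+
# session on Windows 7 or later. It reports findings and changes nothing.

$findings = @()

# 1. Run keys. A rundll32 command that loads a DLL from a user-writable location
#    (AppData, ProgramData, Temp), like the [msidt] entry in the fix, is a common
#    malware autostart: no installer privilege is needed to drop the DLL there.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $values = Get-ItemProperty -LiteralPath $key
    foreach ($v in $values.PSObject.Properties) {
        if ($v.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSDrive, ...)
        $cmd = [string]$v.Value
        if ($cmd -match '(?i)rundll32' -and $cmd -match '(?i)\\(AppData|ProgramData|Temp)\\') {
            $findings += [pscustomobject]@{ Type = 'RunKey'; Location = "$key\$($v.Name)"; Detail = $cmd }
        }
    }
}

# 2. Startup folders. Every .lnk here runs at logon; resolve the target so a shortcut
#    like DealFinder.lnk is judged by where it points, not by its name.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($lnk in (Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue)) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        if ([string]::IsNullOrEmpty($target)) { $detail = '(no target)' }
        elseif (-not (Test-Path -LiteralPath $target)) { $detail = "$target (target not found)" }
        else { $detail = $target }
        $findings += [pscustomobject]@{ Type = 'StartupLnk'; Location = $lnk.FullName; Detail = $detail }
    }
}

# 3. Alternate data streams. An ADS such as C:\ProgramData\TEMP:7F80734C is not shown by
#    Explorer or a plain dir. List every stream on the items directly under ProgramData
#    except the default data stream and the Zone.Identifier mark-of-the-web.
#    (Get-Item -Stream needs PowerShell 3.0; some versions skip directories, hence
#    the SilentlyContinue.)
foreach ($item in (Get-ChildItem -LiteralPath $env:ProgramData -Force -ErrorAction SilentlyContinue)) {
    $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' }
    foreach ($s in $streams) {
        $findings += [pscustomobject]@{ Type = 'ADS'; Location = "$($item.FullName):$($s.Stream)"; Detail = "$($s.Length) bytes" }
    }
}

if ($findings.Count -eq 0) { 'Nothing flagged in Run keys, Startup folders or ProgramData streams.' }
else { $findings | Sort-Object Type | Format-Table -AutoSize -Wrap }
```

Anything it lists is a lead to check, not a verdict: legitimate software does occasionally use rundll32 from ProgramData or leave a Zone.Identifier-style stream behind.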
     
  11. Allan Yates

    Allan Yates TS Rookie Topic Starter Posts: 16

    Looking at the threats flagged by ESET, they are in backups from the laptop that you noted as previously infected. I will run some of these scanning tools on it. These are both Windows 7 boxes that have shares visible to each other. Perhaps a virus on one is writing across to the other?

    OTL Fix
    ======
    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msidt deleted successfully.
    C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnk moved successfully.
    C:\ProgramData\pyknfeyt.slj moved successfully.
    ADS C:\ProgramData\TEMP:7F80734C deleted successfully.
    ADS d:\Users\Allan\Desktop\3c.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
    ADS C:\ProgramData\TEMP:8C35AEA7 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Allan
    ->Temp folder emptied: 17045756 bytes
    ->Temporary Internet Files folder emptied: 675296891 bytes
    ->Java cache emptied: 9283755 bytes
    ->FireFox cache emptied: 318679111 bytes
    ->Flash cache emptied: 138965 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 125415616 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
    RecycleBin emptied: 48412840 bytes

    Total Files Cleaned = 1,139.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Allan
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Allan
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 08032012_221406
    Files\Folders moved on Reboot...
    C:\Users\Allan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\Allan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    Registry entries deleted on Reboot...

    FSS
    ===
    Farbar Service Scanner Version: 04-08-2012 01
    Ran by Allan (administrator) on 03-08-2012 at 22:29:39
    Running from "D:\Users\Allan\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

    TFC
    ===
    Done.

    ESET Online Scanner
    =================
    C:\ProgramData\{C4A867AE-B15C-4B7F-AD27-7F8C13A57518}\SavevidSetupV2.res Win32/Toolbar.SearchSuite application deleted - quarantined
    C:\Qoobox\Quarantine\C\Users\Allan\AppData\Roaming\msidt.dll.vir a variant of Win32/Medfos.BL trojan cleaned by deleting - quarantined
    C:\Users\Allan\AppData\Local\{D79099A3-D608-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2011-10-31 200000\Backup Files 2011-11-05 030958\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2011-11-10 205729\Backup Files 2011-11-10 205729\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2011-11-16 200000\Backup Files 2011-11-16 200000\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2011-11-20 200711\Backup Files 2011-11-20 200711\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2011-11-25 200001\Backup Files 2011-11-25 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2011-12-02 212401\Backup Files 2011-12-02 212401\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2011-12-06 213148\Backup Files 2011-12-06 213148\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2011-12-12 220651\Backup Files 2011-12-12 220651\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2011-12-15 200000\Backup Files 2011-12-15 200000\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-01-09 210852\Backup Files 2012-01-09 210852\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-01-15 200001\Backup Files 2012-01-15 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-01-25 200001\Backup Files 2012-01-25 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-01-31 204125\Backup Files 2012-01-31 204125\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-02-08 200001\Backup Files 2012-02-08 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-02-13 200000\Backup Files 2012-02-13 200000\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-02-20 200000\Backup Files 2012-02-20 200000\Backup files 2.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-02-26 200712\Backup Files 2012-02-26 200712\Backup files 2.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-03-07 200001\Backup Files 2012-03-07 200001\Backup files 2.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-03-21 200000\Backup Files 2012-03-21 200000\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-04-01 200001\Backup Files 2012-04-01 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-04-08 202335\Backup Files 2012-04-08 202335\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-04-14 200001\Backup Files 2012-04-14 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-04-25 200001\Backup Files 2012-04-25 200001\Backup files 2.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-05-17 213402\Backup Files 2012-05-17 213402\Backup files 3.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-06-05 203611\Backup Files 2012-06-05 203611\Backup files 3.zip a variant of Win32/InstallCore.D application deleted - quarantined
    D:\Laptop Backup\CHERYL-PC\Backup Set 2012-06-05 203611\Backup Files 2012-06-15 215330\Backup files 1.zip multiple threats deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 1088.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 1146.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 439.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 443.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 464.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 476.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 491.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 505.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 520.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 535.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 550.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 584.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 612.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 637.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 664.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 690.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 718.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 759.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 788.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 812.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 836.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 868.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 897.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 933.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 997.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-16 040000\Backup files 160.zip multiple threats deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 1089.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 1147.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 1183.zip multiple threats deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 440.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 444.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 465.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 477.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 492.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 506.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 521.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 536.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 551.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 585.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 613.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 638.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 665.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 691.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 719.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 760.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 789.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 813.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 837.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 869.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 898.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 934.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 998.zip a variant of Win32/InstallCore.D application deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-07-25 040000\Backup files 1.zip multiple threats deleted - quarantined
    F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-08-01 040000\Backup files 1.zip a variant of Win32/Medfos.BL trojan deleted - quarantined
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    I still need Security Check log.
     
  13. Allan Yates

    Allan Yates TS Rookie Topic Starter Posts: 16

    Sorry...

    SecurityCheck
    ===========
    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Reader X (10.1.3)
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    ESET ESET Online Scanner OnlineCmdLineScanner.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 21% Defragment your hard drive soon!
    ````````````````````End of Log``````````````````````
     
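    The Security Check log above flags four posture problems on this machine (UAC disabled, Windows Firewall disabled, MSE on-access scanning disabled, Java out of date). The script below is an added example, not part of this thread and not screen317's tool, that re-checks the same four items directly from the registry and WMI so the result can be confirmed after the cleanup. It uses only PowerShell 2.0 cmdlets (the Windows 7 default); the registry paths are standard Windows locations, the productState decoding is the commonly used, undocumented Security Center convention (an assumption), and the minimum Java version is a placeholder threshold.

```powershell
# Added example (not from the thread): re-check the Security Check findings
# (UAC off, Windows Firewall off, on-access scanning off, Java out of date)
# with PowerShell 2.0-compatible commands. Registry paths are standard Windows
# locations; the productState decoding is the commonly used, undocumented WMI
# convention (assumption); $minimumJava is a placeholder threshold.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch { return $null }
}

$findings = @()

# 1. UAC: EnableLUA = 0 means User Account Control is switched off.
$enableLua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
if ($enableLua -eq 0) { $findings += 'UAC is disabled!' }

# 2. Windows Firewall: one EnableFirewall value per profile.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $enabled = Get-RegValue "$fwBase\$fwProfile" 'EnableFirewall'
    if ($enabled -eq 0) { $findings += "Windows Firewall disabled for $fwProfile" }
}

# 3. Antivirus state as registered with Security Center (Vista and later).
#    productState read as hex AABBCC: BB = 10 means real-time protection on,
#    CC = 10 means signatures out of date (assumed decoding).
$avProducts = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
foreach ($av in $avProducts) {
    $state = '{0:X6}' -f [int]$av.productState
    $rtOn  = $state.Substring(2, 2) -eq '10'
    $stale = $state.Substring(4, 2) -eq '10'
    if (-not $rtOn) { $findings += "$($av.displayName): on-access scanning disabled!" }
    if ($stale)     { $findings += "$($av.displayName): definitions out of date!" }
}

# 4. Java: the JRE records its current version in the registry (a 32-bit JRE on
#    x64 Windows lands under Wow6432Node). Compared as [version] so '1.6' sorts
#    below '1.7'; the minimum is only a placeholder threshold.
$minimumJava = [version]'1.7'
$jrePaths = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
            'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
foreach ($p in $jrePaths) {
    $cur = Get-RegValue $p 'CurrentVersion'
    if ($cur -and ([version]$cur -lt $minimumJava)) {
        $findings += "Java $cur found at $p - Java version out of date!"
    }
}

if ($findings.Count -eq 0) { 'No posture findings.' } else { $findings }
```

Run it from an elevated PowerShell prompt so the HKLM policy keys and the SecurityCenter2 namespace are readable. An empty result after the cleanup is the expected outcome; any line printed corresponds to one of the "!" findings in the Security Check log and should be fixed before the machine goes back online.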
  14. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Is your MSE functional?

    ===============================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    The issue seems to be resolved.
     

