TechSpot

Sirefef.# strikes again

Inactive
By abks26
Jul 30, 2012
  1. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    This is the log file for the detected threats. I saved the Automatic Report, but the problem was that it ended up being 384mbs. I had to save it as a CSV and it almost crashed Excel. It's impossible to copy and paste.

    It took 9 hours to complete. Still no change with the Task Manager. I only put on the internet briefly for the Kaspersky thing, but other than that... I haven't bothered to put it on otherwise. I'm going to try to save my documents onto the external drive. It doesn't seem infected (that GRE file has been on it for quite some time). I don't think I ever opened that file.

    Task Manager is still not opening up.

    Status: Vulnerability (events: 26)
    8/11/2012 2:35:42 PMVulnerabilityvulnerability http://www.securelist.com/en/advisories/49489c:\Program Files (x86)\iTunes\iTunes.exeLow
    8/11/2012 11:04:37 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/49472C:\Program Files (x86)\Java\jre6\bin\java.exeLow
    8/11/2012 10:38:32 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/49472C:\Program Files\Java\jre6\bin\java.exeLow
    8/11/2012 2:56:27 PMVulnerabilityvulnerability http://www.securelist.com/en/advisories/48457c:\program files\Adobe\adobe photoshop cs5 (64 bit)\photoshop.exeLow
    8/11/2012 2:35:49 PMVulnerabilityvulnerability http://www.securelist.com/en/advisories/48457c:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exeLow
    8/11/2012 10:53:40 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/48457C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exeLow
    8/11/2012 10:34:27 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/48457C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exeLow
    8/11/2012 2:33:52 PMVulnerabilityvulnerability http://www.securelist.com/en/advisories/48448c:\Users\Anne\AppData\Roaming\Google\Google Talk\googletalk.exeLow
    8/11/2012 9:16:28 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/48448C:\Documents and Settings\Anne\Application Data\Google\Google Talk\googletalk.exeLow
    8/11/2012 9:15:16 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/48448C:\Documents and Settings\Anne\AppData\Roaming\Google\Google Talk\googletalk.exeLow
    8/11/2012 2:56:45 PMVulnerabilityvulnerability http://www.securelist.com/en/advisories/47118c:\program files (x86)\Adobe\adobe illustrator cs5\support files\Contents\Windows\illustrator.exeLow
    8/11/2012 2:35:40 PMVulnerabilityvulnerability http://www.securelist.com/en/advisories/47118c:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exeLow
    8/11/2012 10:51:00 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/47118C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exeLow
    8/11/2012 10:49:18 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/47118C:\Program Files (x86)\Adobe\Adobe Flash CS5\AILib.dllLow
    8/11/2012 10:48:11 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/47118C:\Program Files (x86)\Adobe\Adobe Flash Catalyst CS5\plugins\com.adobe.flexide.nativelibs_1.0.0.273393\libs\AILib.dllLow
    8/11/2012 10:42:57 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/47118C:\Program Files (x86)\Adobe\Adobe Fireworks CS5\AILib.dllLow
    8/11/2012 10:50:25 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/43267C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\Release\FlashPlayer.exeLow
    8/11/2012 10:50:16 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/43267C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\Debug\FlashPlayerDebugger.exeLow
    8/11/2012 10:50:12 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/43267C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\FlashPlayer.exeLow
    8/11/2012 10:47:41 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/43267C:\Program Files (x86)\Adobe\Adobe Flash Catalyst CS5\player\win\FlashPlayer.exeLow
    8/11/2012 10:43:35 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/43267C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\player\win\FlashPlayer.exeLow
    8/11/2012 2:56:45 PMVulnerabilityvulnerability http://www.securelist.com/en/advisories/41126c:\program files (x86)\Adobe\adobe indesign cs5\InDesign.exeLow
    8/11/2012 2:35:40 PMVulnerabilityvulnerability http://www.securelist.com/en/advisories/41126c:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exeLow
    8/11/2012 10:56:44 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/41126C:\Program Files (x86)\Common Files\Adobe\Shell\CS5\icons.dllLow
    8/11/2012 10:51:05 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/41126C:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exeLow
    8/11/2012 10:36:42 AMVulnerabilityvulnerability http://www.securelist.com/en/advisories/41126C:\Program Files\Common Files\Adobe\Shell\CS5\icons.dllLow
    Status: Deleted (events: 4)
    8/11/2012 1:54:28 PMDeletedTrojan program Trojan-Downloader.Win32.Agent.ebloH:\Downloads\rapidhoob.com_GRE_Bible_v2.1.rar//GRE Bible v2.1/GRE Bible.rar//GRE Bible/GreBible.CAB//GreBible.exeHigh
    8/11/2012 1:54:28 PMDeletedTrojan program Trojan-Downloader.Win32.Agent.ebloH:\Downloads\rapidhoob.com_GRE_Bible_v2.1.rar//GRE Bible v2.1/GRE Bible.rar//GRE Bible/GreBible.CABHigh
    8/11/2012 1:54:28 PMDeletedTrojan program Trojan-Downloader.Win32.Agent.ebloH:\Downloads\rapidhoob.com_GRE_Bible_v2.1.rar//GRE Bible v2.1/GRE Bible.rarHigh
    8/11/2012 1:54:28 PMDeletedTrojan program Trojan-Downloader.Win32.Agent.ebloH:\Downloads\rapidhoob.com_GRE_Bible_v2.1.rarHigh
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    [​IMG]

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
      [​IMG]
    • Copy and paste the contents of aswMBR.txt back here for review
     
  3. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-12 06:27:43
    -----------------------------
    06:27:43.758 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:27:43.758 Number of processors: 4 586 0x2A07
    06:27:43.759 ComputerName: ANNE UserName: Anne
    06:27:52.151 Initialize success
    06:28:39.677 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    06:28:39.681 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
    06:28:39.706 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\O2SDJRDR1Port1Path0Target0Lun0
    06:28:39.707 Disk 1 Vendor: O2Micro_ 0001 Size: 1882MB BusType: 16
    06:28:39.742 Disk 0 MBR read successfully
    06:28:39.748 Disk 0 MBR scan
    06:28:39.756 Disk 0 Windows VISTA default MBR code
    06:28:39.797 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    06:28:39.834 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
    06:28:39.873 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237680 MB offset 1622016
    06:28:40.063 Disk 0 scanning C:\Windows\system32\drivers
    06:28:53.031 Service scanning
    06:29:55.612 Modules scanning
    06:29:55.630 Disk 0 trace - called modules:
    06:29:55.644
    06:29:55.656 Scan finished successfully
    06:31:50.103 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    06:31:50.244 The log file has been saved successfully to "F:\aswMBRlog.txt"
     
  4. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    Okay, so I ended up having the blue screen of death when I just left my computer open to get something to drink. It restarted automatically and put me into safe mode (I had a hard time getting the computer to go into Safe Mode)

    In safe mode, I was able to go into Task Manager successfully. So I also redid the ASW thing again and it ended up being different. I'm just going to leave the computer on safe mode (hopefully it'll let me do that). I'm not going to go into normal mode.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-12 06:59:39
    -----------------------------
    06:59:39.472 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:59:39.472 Number of processors: 4 586 0x2A07
    06:59:39.472 ComputerName: ANNE UserName: Anne
    06:59:40.190 Initialize success
    06:59:45.494 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    06:59:45.494 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
    06:59:45.510 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\O2SDJRDR1Port1Path0Target0Lun0
    06:59:45.510 Disk 1 Vendor: O2Micro_ 0001 Size: 1882MB BusType: 16
    06:59:45.525 Disk 0 MBR read successfully
    06:59:45.525 Disk 0 MBR scan
    06:59:45.541 Disk 0 Windows VISTA default MBR code
    06:59:45.541 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    06:59:45.541 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
    06:59:45.556 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237680 MB offset 1622016
    06:59:45.603 Disk 0 scanning C:\Windows\system32\drivers
    06:59:51.906 Service scanning
    07:00:54.306 Modules scanning
    07:00:54.306 Disk 0 trace - called modules:
    07:00:54.337 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    07:00:54.337 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80052ad060]
    07:00:54.353 3 CLASSPNP.SYS[fffff880025a343f] -> nt!IofCallDriver -> [0xfffffa8005142cb0]
    07:00:54.353 5 stdcfltn.sys[fffff880024e1c52] -> nt!IofCallDriver -> [0xfffffa800476db20]
    07:00:54.353 7 ACPI.sys[fffff880019997a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004772050]
    07:00:54.368 Scan finished successfully
    07:01:21.231 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    07:01:21.309 The log file has been saved successfully to "F:\aswMBR2.txt"
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Man...time to pull out the power tools... :D

    Please download 7-Zip and install it. If you already have it, no need to reinstall.

    Then, download RootkitUnhooker and save the setup to your Desktop.

    • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
    • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
    • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
    • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
    • Once inside the interface, do not fix anything. Click on the Report tab.
    • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
    • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
    • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
     
  6. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    Thanks for the help, Dragon! I have some good news and bad news. Bad news is that I couldn't run Rootkit Unhooker at ALL. It doesn't run in Safe Mode so I logged in regular mode (internet disabled) and ran into an error message. I also noticed that a random Kaspersky.exe wanted to run (with a weird numerical number attached). Of course I said NOPE!

    Now the good news. I was reading up on viruses and what not and decided to redo some of the scans that didn't work out for me. I ended up redoing AVAST since I remember that I wasn't connected to the internet at the time. I got into Safe Mode (since Normal Mode is a disaster) with Networking, updated, and got this:

    It looks like I got Reveton.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-13 21:37:55
    -----------------------------
    21:37:55.939 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:37:55.939 Number of processors: 4 586 0x2A07
    21:37:55.939 ComputerName: ANNE UserName: Anne
    21:37:57.904 Initialize success
    21:38:02.756 AVAST engine defs: 12081301
    21:38:06.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:38:06.125 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
    21:38:06.141 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\O2SDJRDR1Port1Path0Target0Lun0
    21:38:06.141 Disk 1 Vendor: O2Micro_ 0001 Size: 1882MB BusType: 16
    21:38:06.172 Disk 0 MBR read successfully
    21:38:06.172 Disk 0 MBR scan
    21:38:06.172 Disk 0 Windows VISTA default MBR code
    21:38:06.188 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    21:38:06.203 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
    21:38:06.235 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237680 MB offset 1622016
    21:38:06.281 Disk 0 scanning C:\Windows\system32\drivers
    21:38:31.928 Service scanning
    21:39:21.240 Modules scanning
    21:39:21.739 Disk 0 trace - called modules:
    21:39:21.786 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    21:39:21.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80052a7060]
    21:39:21.786 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800513bcb0]
    21:39:21.801 5 stdcfltn.sys[fffff88001b86c52] -> nt!IofCallDriver -> [0xfffffa8004760800]
    21:39:21.801 7 ACPI.sys[fffff880011b37a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004765050]
    21:39:22.971 AVAST engine scan C:\Windows
    21:39:41.332 AVAST engine scan C:\Windows\system32
    21:44:00.215 AVAST engine scan C:\Windows\system32\drivers
    21:44:09.466 AVAST engine scan C:\Users\Anne
    21:46:09.274 File: C:\Users\Anne\AppData\Local\Temp\update00.b.exe **INFECTED** Win32:Reveton-CM [Trj]
    21:53:13.517 AVAST engine scan C:\ProgramData
    21:55:02.545 Scan finished successfully
    21:57:16.237 Disk 0 MBR has been saved successfully to "C:\Users\Anne\Desktop\MBR.dat"
    21:57:16.269 The log file has been saved successfully to "C:\Users\Anne\Desktop\aswMBRnew.txt"
     
  7. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    I was also able to do this scan. I tried re-doing Kaspersky, but that didn't come up with anything. I haven't done anything but scan/save logs and keeping it in safe mode with no internet. I don't want the virus to try to download more random crap on me.


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.13.07

    Windows 7 Service Pack 1 x64 FAT (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Anne :: ANNE [administrator]

    8/13/2012 10:15:05 PM
    mbam-log-2012-08-13 (23-12-51).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 460721
    Time elapsed: 48 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Program Files (x86)\Adobe\Adobe Flash CS5\FlashIK.dll (Trojan.Agent) -> No action taken.
    C:\Users\Anne\AppData\Local\Temp\update00.b.exe (Trojan.Inject) -> No action taken.
    C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> No action taken.

    (end)
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Are you able to do RootkitUnhooker?
     
  9. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    Nope, I can't do Rootkit Unhooker at all. It doesn't work in Safe Mode and when I go into Windows Normal Mode, it gave me this error.


     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    GMER

    Note about this tool:
    • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
    • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
    • No matter what is in the log, please post all the information/contents of the log.
    • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT"

    Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    Double-click gmer.exe. The program will begin to run.

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click NO
    • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
    • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
    • Save it where you can easily find it, such as your desktop.
    Post the contents of GMER.txt in your next reply.
     
  11. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-15 23:01:07
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x45 0xFF 0x58 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xFB 0x58 0xCB ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x75 0x86 0x53 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x45 0xFF 0x58 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xFB 0x58 0xCB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x75 0x86 0x53 ...

    ---- EOF - GMER 1.0.15 ----
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let me know of anymore issues...

    Scan with Malwarebytes' Anti-Malware

    Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
     
  13. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    Still have the Google redirect links (like a cockroach that won't die!), but I can FINALLY go into my Task Manager and look at what's running in my background.

    Windows Defender is still not working (error message).


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.16.10

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Anne :: ANNE [administrator]

    8/16/2012 8:15:00 PM
    mbam-log-2012-08-16 (20-15-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220656
    Time elapsed: 2 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Anne\AppData\Local\Temp\update00.b.exe (Trojan.Inject) -> Quarantined and deleted successfully.
    C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

    (end)
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
  15. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    OTL logfile created on: 8/17/2012 7:55:29 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Anne\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.88 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 66.34% Memory free
    7.77 Gb Paging File | 6.22 Gb Available in Paging File | 80.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.11 Gb Total Space | 31.55 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
    Drive E: | 3.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 1.84 Gb Total Space | 0.08 Gb Free Space | 4.34% Space Free | Partition Type: FAT

    Computer Name: ANNE | User Name: Anne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/08/17 19:54:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
    PRC - [2012/04/26 08:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/12/17 11:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/12/03 19:20:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/03 19:20:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/29 13:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2010/11/20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2010/08/13 21:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe
    PRC - [2010/03/12 11:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2010/03/06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Anne\AppData\Roaming\Google\Google Talk\googletalk.exe
    PRC - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/12/17 11:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
    SRV:64bit: - [2011/03/04 17:13:20 | 003,427,696 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/01/20 12:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV:64bit: - [2011/01/15 15:00:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2010/11/03 17:48:42 | 002,117,120 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2010/10/28 15:05:50 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV:64bit: - [2010/10/28 15:05:48 | 001,035,680 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/09/22 01:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
    SRV:64bit: - [2010/02/10 21:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/07/20 12:46:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/12/03 19:20:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/03 19:20:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/29 13:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/07/13 15:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
    SRV - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/27 11:50:22 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/28 14:37:28 | 012,256,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/23 17:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/01/15 15:00:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2011/01/15 14:59:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2011/01/06 00:47:12 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/01/03 18:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
    DRV:64bit: - [2011/01/03 16:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
    DRV:64bit: - [2010/12/13 10:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/28 11:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/08/24 18:46:02 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV:64bit: - [2010/08/20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/09/16 17:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/06/04 14:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV - [2012/08/13 21:09:06 | 000,035,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\trS37xfH.sys -- (trS37xfH)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
    IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@talkbean.com/TBLPlugin: C:\Program Files (x86)\talkbeanLIVE2\npTBLPlugin.dll (Interpark Communications Korea)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anne\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anne\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/12/04 23:13:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/20 17:30:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 12:47:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/05 09:25:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{215B6270-D699-11E1-8270-B8AC6F996F26}: C:\Users\Anne\AppData\Local\{215B6270-D699-11E1-8270-B8AC6F996F26}\ [2012/07/25 16:41:42 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 12:47:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/05 09:25:56 | 000,000,000 | ---D | M]

    [2011/12/04 22:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\Mozilla\Extensions
    [2012/05/02 17:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\exlzpcgg.default\extensions
    [2012/04/27 00:29:46 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\exlzpcgg.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2012/03/19 09:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/01/19 02:27:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/25 16:41:42 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ANNE\APPDATA\LOCAL\{215B6270-D699-11E1-8270-B8AC6F996F26}
    [2012/07/20 12:46:59 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/03/05 09:25:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/07/20 12:46:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/20 12:46:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Anne\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anne\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anne\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: talkbeanLIVE2 Plugin (Enabled) = C:\Program Files (x86)\talkbeanLIVE2\npTBLPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Anne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: B\u00FAsqueda de Google = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Skype Click to Call = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
    CHR - Extension: \u003Cvideo\u003E de HTML5 de DivX Plus Web Player = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_1\
    CHR - Extension: Gmail = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/02 08:57:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645" File not found
    O4 - HKCU..\Run: [googletalk] C:\Users\Anne\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47ECA915-9F81-485D-B669-CDA2228B7E53}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7283793-CDDD-410D-8BE3-150729689297}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  16. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/17 19:53:58 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
    [2012/08/15 21:56:55 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\gmer
    [2012/08/13 21:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
    [2012/08/13 21:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MustBeRandomlyNamed
    [2012/08/13 21:07:57 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\RkU3.8.389.593
    [2012/08/13 07:56:05 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Malwarebytes
    [2012/08/13 07:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/13 07:55:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/13 07:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/13 07:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/12 07:10:52 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\August 2012
    [2012/08/12 07:05:49 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\New folder
    [2012/08/12 06:27:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Anne\Desktop\aswMBR.exe
    [2012/08/11 07:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/08/09 00:33:52 | 000,000,000 | ---D | C] -- C:\Users\Anne\DoctorWeb
    [2012/08/05 12:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/08/02 09:03:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/02 08:57:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/01 16:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/07/31 08:16:28 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\RK_Quarantine
    [2012/07/30 17:24:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
    [2012/07/30 17:11:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/30 17:11:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/30 17:11:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/30 17:11:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/30 17:11:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/30 15:44:32 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\Anne\Desktop\ComboFix.exe
    [2012/07/30 05:23:00 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/30 00:50:07 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.03E86C6D05C1E43F
    [2012/07/30 00:42:35 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.58886290833A4289
    [2012/07/30 00:35:46 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.2C31D00BBF6CF89F
    [2012/07/30 00:31:45 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.211AFBF5E4391C5E
    [2012/07/30 00:25:05 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.47B664D89E53D58B
    [2012/07/30 00:11:09 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.887F2746A8C90C90
    [2012/07/29 23:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/29 23:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/29 22:38:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/25 16:41:42 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{215B93C0-D699-11E1-8270-B8AC6F996F26}
    [2012/07/25 16:41:42 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\{215B6270-D699-11E1-8270-B8AC6F996F26}

    ========== Files - Modified Within 30 Days ==========

    [2012/08/17 19:54:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
    [2012/08/17 19:53:53 | 000,782,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/17 19:53:53 | 000,662,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/17 19:53:53 | 000,122,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/17 19:50:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/17 10:55:59 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/17 10:55:59 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/17 10:48:18 | 3127,558,144 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/15 21:53:48 | 000,294,216 | ---- | M] () -- C:\Users\Anne\Desktop\gmer.zip
    [2012/08/13 23:17:53 | 000,644,686 | ---- | M] () -- C:\Users\Anne\Desktop\mozilla august bookmarks.html
    [2012/08/13 21:57:16 | 000,000,512 | ---- | M] () -- C:\Users\Anne\Desktop\MBR.dat
    [2012/08/13 21:09:06 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\trS37xfH.sys
    [2012/08/13 20:59:44 | 000,634,925 | ---- | M] () -- C:\Users\Anne\Desktop\RkU3.8.389.593.rar
    [2012/08/13 20:59:28 | 001,376,768 | ---- | M] () -- C:\Users\Anne\Desktop\7z920-x64.msi
    [2012/08/13 07:55:55 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/12 06:54:54 | 526,380,955 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/12 06:24:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Anne\Desktop\aswMBR.exe
    [2012/08/11 19:57:48 | 403,797,750 | ---- | M] () -- C:\Users\Anne\Desktop\as report.csv
    [2012/08/11 09:02:50 | 083,023,306 | ---- | M] () -- C:\ProgramData\00etadpu.pad
    [2012/08/11 07:40:14 | 141,851,192 | ---- | M] () -- C:\Users\Anne\Desktop\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
    [2012/08/09 14:07:54 | 000,004,537 | ---- | M] () -- C:\Users\Anne\Desktop\DrWeb.csv
    [2012/08/09 00:10:30 | 091,165,152 | ---- | M] () -- C:\Users\Anne\Desktop\drweb-cureit.exe
    [2012/08/05 12:32:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/08/05 12:32:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/08/02 08:57:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/02 08:42:45 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\Anne\Desktop\ComboFix.exe
    [2012/07/31 08:14:16 | 001,552,384 | ---- | M] () -- C:\Users\Anne\Desktop\RogueKiller.exe
    [2012/07/30 15:20:48 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
    [2012/07/30 00:50:07 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.03E86C6D05C1E43F
    [2012/07/30 00:42:35 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.58886290833A4289
    [2012/07/30 00:35:46 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.2C31D00BBF6CF89F
    [2012/07/30 00:31:45 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.211AFBF5E4391C5E
    [2012/07/30 00:25:05 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.47B664D89E53D58B
    [2012/07/30 00:11:09 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.887F2746A8C90C90
    [2012/07/30 00:00:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/29 23:59:22 | 000,796,678 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== Files Created - No Company Name ==========

    [2012/08/15 21:56:49 | 000,294,216 | ---- | C] () -- C:\Users\Anne\Desktop\gmer.zip
    [2012/08/13 23:17:51 | 000,644,686 | ---- | C] () -- C:\Users\Anne\Desktop\mozilla august bookmarks.html
    [2012/08/13 21:57:16 | 000,000,512 | ---- | C] () -- C:\Users\Anne\Desktop\MBR.dat
    [2012/08/13 21:09:06 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\trS37xfH.sys
    [2012/08/13 21:06:46 | 001,376,768 | ---- | C] () -- C:\Users\Anne\Desktop\7z920-x64.msi
    [2012/08/13 21:06:46 | 000,634,925 | ---- | C] () -- C:\Users\Anne\Desktop\RkU3.8.389.593.rar
    [2012/08/13 07:55:55 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/11 19:52:59 | 403,797,750 | ---- | C] () -- C:\Users\Anne\Desktop\as report.csv
    [2012/08/11 07:53:52 | 141,851,192 | ---- | C] () -- C:\Users\Anne\Desktop\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
    [2012/08/10 15:54:36 | 083,023,306 | ---- | C] () -- C:\ProgramData\00etadpu.pad
    [2012/08/09 14:07:54 | 000,004,537 | ---- | C] () -- C:\Users\Anne\Desktop\DrWeb.csv
    [2012/08/09 00:05:50 | 091,165,152 | ---- | C] () -- C:\Users\Anne\Desktop\drweb-cureit.exe
    [2012/07/31 08:14:21 | 001,552,384 | ---- | C] () -- C:\Users\Anne\Desktop\RogueKiller.exe
    [2012/07/30 17:11:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/30 17:11:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/30 17:11:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/30 17:11:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/30 17:11:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/30 15:20:48 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2012/07/29 23:59:24 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/10 19:54:07 | 000,000,215 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\My Profile.xml
    [2012/07/08 17:56:04 | 000,000,106 | ---- | C] () -- C:\Windows\EWF645.ini
    [2011/12/24 00:26:27 | 000,001,186 | ---- | C] () -- C:\Users\Anne\Downloads - Shortcut.lnk
    [2011/12/13 15:59:08 | 000,000,132 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/06/18 19:37:10 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/06/18 19:37:08 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/06/18 19:37:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/06/18 19:27:43 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
    [2011/06/18 19:21:01 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2011/02/10 10:33:46 | 000,796,678 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/19 18:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/20 12:46:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/20 12:46:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/20 12:46:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/20 12:46:59 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/20 12:46:59 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/20 12:46:59 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/18 19:34:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/18 19:34:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/18 19:34:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/20 12:46:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/20 12:46:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/20 12:46:50 | 000,865,776 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/20 12:46:59 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/20 12:46:59 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/20 12:46:59 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/06/18 19:34:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/06/18 19:34:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/06/18 19:34:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
     
  17. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/08/13 21:09:06 | 000,035,712 | ---- | M] () -- C:\Windows\system32\drivers\trS37xfH.sys

    < %systemroot%\System32\config\*.sav >

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2012/07/08 18:22:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
    [2011/12/20 18:54:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AC3Filter
    [2011/12/04 23:06:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2011/12/04 22:56:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Media Player
    [2011/11/25 01:30:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
    [2012/01/19 01:55:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity
    [2011/11/19 14:28:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
    [2011/11/25 01:27:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
    [2011/06/18 19:23:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
    [2012/08/05 12:43:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2012/05/06 09:41:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
    [2011/06/18 19:36:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
    [2012/07/08 08:30:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Pro
    [2011/06/18 19:23:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
    [2011/06/18 19:32:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
    [2012/04/11 14:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
    [2012/07/08 18:06:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson
    [2012/07/08 18:07:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Epson America Inc
    [2012/07/08 18:26:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Epson Software
    [2012/08/01 16:39:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
    [2011/12/18 19:17:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Fluenz
    [2011/06/18 19:27:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gemalto
    [2012/07/08 18:09:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2011/06/18 19:28:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
    [2012/07/12 06:55:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2012/03/13 14:26:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
    [2012/03/05 09:25:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
    [2011/12/12 19:50:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JDownloader
    [2012/08/13 07:55:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/11/19 14:28:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
    [2011/12/13 16:24:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2011/12/13 16:26:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
    [2012/07/29 23:59:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/05/10 03:33:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2011/12/13 16:26:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2011/12/13 16:26:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2011/12/13 16:26:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
    [2011/12/13 16:24:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2011/12/13 16:26:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2012/02/23 13:51:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mobipocket.com
    [2012/07/20 12:47:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/07/22 16:48:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2011/12/13 16:27:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2011/11/25 02:05:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
    [2012/08/15 01:34:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MustBeRandomlyNamed
    [2011/12/04 22:55:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\My Company Name
    [2011/06/18 19:23:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NTRU Cryptosystems
    [2011/06/18 19:20:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\O2Micro
    [2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2011/06/18 19:47:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
    [2012/01/19 02:27:44 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
    [2011/06/18 19:19:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\STMicroelectronics
    [2012/01/19 02:58:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\talkbeanLIVE2
    [2009/07/14 00:57:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uninstall Information
    [2011/12/05 15:38:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
    [2010/11/21 03:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2011/06/18 19:42:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
    [2010/11/21 03:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2010/11/21 03:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2010/11/21 03:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
    [2010/11/20 23:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
    [2010/11/21 03:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

    < %appdata%\*.* >
    [2012/06/09 18:04:16 | 000,000,132 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2012/07/10 19:54:09 | 000,000,215 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\My Profile.xml

    < MD5 for: AFD.SYS >
    [2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
    [2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2011/12/28 00:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2010/11/20 23:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [2011/04/24 22:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [2011/04/24 23:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\erdnt\cache86\cryptsvc.dll
    [2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
    [2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
    [2010/11/20 23:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
    [2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
    [2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\erdnt\cache64\cryptsvc.dll
    [2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
    [2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
    [2010/11/20 23:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
    [2012/04/24 01:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2011/06/18 20:59:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
    [2011/06/18 20:59:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
    [2011/06/18 20:59:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
    [2010/11/20 23:24:15 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\erdnt\cache64\es.dll
    [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
    [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
    [2012/06/28 06:27:57 | 000,008,216 | ---- | M] () MD5=8C4CBA187C451FAE0C9C1674B9C3AC39 -- C:\Users\Anne\AppData\Local\Google\Chrome\Application\20.0.1132.47\Locales\es.dll
    [2012/07/10 00:07:57 | 000,008,216 | ---- | M] () MD5=D088A143E3692E65FCEECBEAF6B66E08 -- C:\Users\Anne\AppData\Local\Google\Chrome\Application\20.0.1132.57\Locales\es.dll
    [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache86\es.dll
    [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
    [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
    [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2010/11/20 23:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
    [2010/11/20 23:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\erdnt\cache64\netman.dll
    [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
    [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

    < MD5 for: QMGR.DLL >
    [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
    [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
    [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
    [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
    [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2011/09/29 13:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
    [2010/11/20 23:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
    [2012/03/30 06:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
    [2011/04/25 01:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
    [2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\erdnt\cache64\tcpip.sys
    [2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
    [2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
    [2011/04/25 02:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
    [2011/06/18 20:59:55 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
    [2011/06/18 20:59:55 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
    [2011/09/29 12:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

    < MD5 for: TDX.SYS >
    [2010/11/20 23:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\erdnt\cache64\tdx.sys
    [2010/11/20 23:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
    [2010/11/20 23:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

    < MD5 for: USERINIT.EXE >
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2010/11/20 23:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
    [2010/11/20 23:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
    [2010/11/20 23:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

    < MD5 for: WININIT.EXE >
    [2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
    [2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
    [2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
    [2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
    [2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < MD5 for: WMISVC.DLL >
    [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
    [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

    < MD5 for: WSCSVC.DLL >
    [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
    [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

    < End of report >
     
  18. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    OTL Extras logfile created on: 8/17/2012 7:55:29 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Anne\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.88 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 66.34% Memory free
    7.77 Gb Paging File | 6.22 Gb Available in Paging File | 80.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.11 Gb Total Space | 31.55 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
    Drive E: | 3.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 1.84 Gb Total Space | 0.08 Gb Free Space | 4.34% Space Free | Partition Type: FAT

    Computer Name: ANNE | User Name: Anne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{280B1D29-6EC4-4336-A4E0-3E9974F6A2EF}" = protocol=6 | dir=in | app=c:\users\anne\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{573D6FDC-8CC3-40AC-9017-38101827E1A7}" = protocol=17 | dir=in | app=c:\users\anne\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{122AE68D-8265-4E4A-ACFD-FB0343C388C1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{C091D69D-5197-4C8D-8986-1BC3402F1E09}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{D6F0CB0F-96E9-4B0E-B386-25817166D3BD}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{4C6EC903-A025-457D-8139-8E5DF631237B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{9EC767AD-7631-484A-A5DD-3F5CDBB1BD7F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{FE655410-6B3D-4978-AE2C-B507171BFFEF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
    "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
    "{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit
    "{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.1
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F52ABC1D-5EA4-4FDD-8E5F-CA31428570C0}" = Wave Infrastructure Installer
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
    "{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 4.0.0.463
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "EPSON WorkForce 645 Series" = EPSON WorkForce 645 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "PROSetDX" = Intel(R) Network Connections 15.7.176.1
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{62FD90F6-4230-4D89-A720-7D79DBDDA5B7}_is1" = talkbeanLIVE2
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83A5D4E9-7FE6-336D-9525-F1C879496014}" = Google Talk Plugin
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "5513-1208-7298-9440" = JDownloader 0.9
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Audacity_is1" = Audacity 1.2.6
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DAEMON Tools Pro" = DAEMON Tools Pro
    "Dell Webcam Central" = Dell Webcam Central
    "DivX Setup" = DivX Setup
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "ESET Online Scanner" = ESET Online Scanner v3
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04
    "InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/3/2012 10:08:39 AM | Computer Name = Anne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/3/2012 10:08:39 AM | Computer Name = Anne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 11186

    Error - 8/3/2012 10:08:39 AM | Computer Name = Anne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 11186

    Error - 8/3/2012 10:08:40 AM | Computer Name = Anne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/3/2012 10:08:40 AM | Computer Name = Anne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 12184

    Error - 8/3/2012 10:08:40 AM | Computer Name = Anne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 12184

    Error - 8/3/2012 10:08:41 AM | Computer Name = Anne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/3/2012 10:08:41 AM | Computer Name = Anne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 13182

    Error - 8/3/2012 10:08:41 AM | Computer Name = Anne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 13182

    Error - 8/3/2012 10:08:42 AM | Computer Name = Anne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ Broadcom Wireless LAN Events ]
    Error - 6/30/2012 6:38:29 AM | Computer Name = Anne | Source = WLAN-Tray | ID = 0
    Description = 06:38:29, Sat, Jun 30, 12 Error - Unable to set enhanced country code


    Error - 7/8/2012 8:31:24 AM | Computer Name = Anne | Source = WLAN-Tray | ID = 0
    Description = 08:31:24, Sun, Jul 08, 12 Error - Unable to set enhanced country code


    Error - 7/12/2012 12:37:52 AM | Computer Name = Anne | Source = WLAN-Tray | ID = 0
    Description = 00:37:52, Thu, Jul 12, 12 Error - Unable to gain access to user store


    Error - 7/24/2012 12:27:04 PM | Computer Name = Anne | Source = WLAN-Tray | ID = 0
    Description = 12:27:03, Tue, Jul 24, 12 Error - Unable to gain access to user store


    Error - 7/30/2012 1:16:07 AM | Computer Name = Anne | Source = WLAN-Tray | ID = 0
    Description = 01:16:07, Mon, Jul 30, 12 Error - Unable to set enhanced country code


    [ System Events ]
    Error - 5/3/2012 3:07:31 PM | Computer Name = Anne | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 5/3/2012 5:11:28 PM | Computer Name = Anne | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 5/4/2012 1:46:57 AM | Computer Name = Anne | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 5/4/2012 9:25:19 AM | Computer Name = Anne | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 5/4/2012 5:58:24 PM | Computer Name = Anne | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 5/5/2012 1:06:11 PM | Computer Name = Anne | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 5/6/2012 9:00:10 AM | Computer Name = Anne | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 5/7/2012 10:03:06 AM | Computer Name = Anne | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 5/8/2012 7:23:48 PM | Computer Name = Anne | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0

    Error - 5/10/2012 3:35:03 AM | Computer Name = Anne | Source = Service Control Manager | ID = 7001
    Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
    service which failed to start because of the following error: %%0


    < End of report >
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  20. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    I think I did something dumb because I did not find the log file for the ESET at all. I opened up notepad and saw

    But I saw the threats and had used Bing to search on them prior (another laptop) so I have the names of what was on the system. I had Win32/OpenCandy (Daemon Tools) and two Java Exploits

    Java Exploit CVE 2012-1723
    Java Exploit CVE 2011-3544
     
  21. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    Also, they were removed from the system. Windows Defender was listed as running against the program, but the problem is that I can't do anything to disable it (I get the error message)
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
      [​IMG]
    • Select the More Options tab
      [​IMG]
    • In the System Restore and Shadow Backups select Clean up
      [​IMG]
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran CCleaner
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
     
  23. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    I still get redirected in Google (Firefox). Other than that, all is well.

    Results of screen317's Security Check version 0.99.46
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Rootkit Unhooker LE 3.8 SR 2
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Reader X 10.1.1 Adobe Reader out of Date!
    Mozilla Firefox (14.0.1)
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Oh goodness me. :p

    Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

    Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click Yes to the Optional_Scan
    • Please follow the instructions that pop up for posting the results. Post only the contents of both logs.
    • Close the program window, and delete the program from your Desktop.
     
  25. abks26

    abks26 TS Rookie Topic Starter Posts: 41

    LOL, I think I'm going to do a clean install and call it a day. I have the Professional ISO and my product key. I'll format the drive and be done! Would this thing survive a Windows reformat and reinstall??? Lawd, I'm so tired.

    I'm going to transfer all my files to an external (documents, pictures, music). Do you think the virus could have migrated? I've checked my external drives with all the AV's and it's been clean.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.