TechSpot

Win 7 Trojan:DOS/Alureon.A

Solved
By No1Herd
Nov 4, 2012
  1. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    OTL Extras logfile created on: 11/8/2012 9:14:58 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.93 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 79.36% Memory free
    15.85 Gb Paging File | 14.02 Gb Available in Paging File | 88.45% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.20 Gb Total Space | 29.31 Gb Free Space | 13.43% Space Free | Partition Type: NTFS
    Drive D: | 3.49 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 243.13 Mb Total Space | 242.97 Mb Free Space | 99.94% Space Free | Partition Type: FAT
    Drive F: | 3.72 Gb Total Space | 1.64 Gb Free Space | 44.16% Space Free | Partition Type: FAT32

    Computer Name: FASTE6410 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0043EBBA-13B4-46C7-B3A9-05E6D03D5D48}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{1935148C-7902-4516-9B7C-611FAD36A227}" = rport=137 | protocol=17 | dir=out | app=system |
    "{1F6ED954-2240-4984-9383-94D8F77EEEAF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{23B54600-ACAC-4C7E-9002-4DE1120DA51D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2ADA2321-4C78-479A-8AD8-06BE0D34DF9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{39D4AEA4-6DC4-4F1B-A4DD-8EF44FDBBEA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3DA0179A-2290-42E5-AD74-51DF264B3F18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{3E4FD11F-42F9-483D-9BB1-14FDC7756BCD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5010BA95-2995-4AE7-AFCF-5B52E65210D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{54554F8F-F215-4672-9B9B-28B9A2E85D85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{59941506-8469-4DDC-BFAD-FCA396DB6604}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{5C675145-27E6-45F7-88C1-DC0365F952C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{74BBA816-DB7E-473E-B529-20CE2F36033C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7C062A74-64E6-4A97-8E40-276782AAC7C8}" = rport=445 | protocol=6 | dir=out | app=system |
    "{81732A79-483A-4ED6-B237-A1DE762F3ED2}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
    "{87456CBC-92CA-487A-9B13-C46BCC994876}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8F62AD37-51C3-4578-A610-3626BC1BACE3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{97192826-E6B1-4DF4-8539-432D71E4142E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A3F33038-A5A1-4F4C-ABBB-20A585A4DEAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AD930153-BF91-4A77-9DA7-B1D236E78761}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B36C1A97-844F-4604-BA6C-71E97EB0F1C1}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B7B8EF74-D83A-4373-AA23-8CCA0AA8144C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{CFE26932-DE7F-4875-ABAB-DE88E7547A83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{E14DA79F-47C6-4F34-8B50-B840B7D7C08F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{E48D232A-5050-4960-B797-809848EDA1F4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{EC86C2A0-AD6B-46C3-B153-D799A5B54C28}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
    "{F82B1B25-9251-4182-9BB0-87D3602F5FFC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{039A3DDC-2E11-46D4-8FA5-D1254A766DDC}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
    "{281FA886-1FF6-48B1-9DDA-C394CC6214F0}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrentportable\app\utorrent\utorrent.exe |
    "{3226E309-C873-4F15-A50C-4E8EE8AA9E96}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{3373BAE1-DA79-4123-AFC7-71275BFF6E36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{353D6DE3-0EE9-4C94-9498-44B1E6D6219D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{36477570-8AC0-4129-AC17-CB021BD4EA7A}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
    "{3F2D61DA-1C2C-4E38-B970-2920F5526343}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{466D3A9F-7DFC-4ED5-9D51-37013EDBE1C7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{4C655764-AFE8-4A09-9F89-3F9DF5E21AAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{66F711F2-E631-4F53-9C40-216D7414E988}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
    "{6A1E7234-03D8-4FE4-BC29-21E67D738AD6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{6B3C0DF3-D3BA-494A-8DBD-EBB5C5E35C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
    "{7905F962-C42C-4F6E-B4CF-356B8F483512}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
    "{7F92AF6C-51C0-40FC-80B2-F16F49BC07A2}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
    "{8A7B1D43-507F-428C-B2DC-5BDA4E7C9C10}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
    "{901EC7F8-F19B-406E-A752-951B666A6ED2}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
    "{9BE9DE68-4620-433D-94AF-0731FB280666}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A15DD010-A7AF-4FE6-A8F7-79DBBC661F7A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{A5DC1170-051D-4738-AC87-30B172E103AE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A7E9F116-E906-4274-96F3-5DBA3D8CCF73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{AA4D95A1-FEC8-460D-B4DB-1DA38AD5EEB9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B21D1020-2566-4C6C-BE83-65F1E4FFFB39}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrentportable\app\utorrent\utorrent.exe |
    "{B8BA518A-1881-4A1B-A328-21DBBF21361D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B98935B6-6F53-47CF-993D-E0C68E3FC89A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{CB50C8F3-517F-43C9-9797-D51260D0970D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{CDA67D5D-4076-42C5-B482-9DFBDD697409}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{CFB70FE5-7ECF-41F8-8F0C-5851B824082D}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
    "{D5F454CB-FE2C-429C-BE53-ED7F7C27F6EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{DA226FE8-45DC-4EAA-97A4-FF20DA46A300}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{DD1DDC24-C750-4213-BDB5-7583298B4692}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{E4E584CC-1AA9-4539-898F-D4DCD25CABE0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{EEBB0FFF-A99C-40EC-ABC4-EC5A47CC73D4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{F363B777-9CC9-4F3F-9A2F-F0087EE6754C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F587556E-5672-46B4-9530-EBA5FD546388}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{F60069AF-4073-42D6-9706-B181C2FB340A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{FCF4A6CA-ABEA-4320-B92E-E716113A5F47}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{FFE9A80E-2D51-4253-934F-E2DF01B6ECDD}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
    "TCP Query User{A798DA22-381F-4343-A021-6A08D66A7F68}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
    "TCP Query User{DEEF61B9-0C1A-4036-8AEF-69F9CFFB8A22}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
    "UDP Query User{81BE3262-1C06-4911-8CF0-3B115704168B}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
    "UDP Query User{F342EDF7-C179-4401-B2C0-E782ABFFF2BD}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{155AB5E8-9913-0409-A7E7-D076DDE2AA6C}" = Autodesk 3ds Max Design 2009 64-bit Architectural Materials Library
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
    "{29421E62-F88F-45F1-8686-8EAE6748AE59}" = Turbo Squid Tentacles 3ds Max 2009 64-bit
    "{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 Client Tools
    "{3605AC81-55E5-0409-BB41-0407FB67C639}" = Bluerock Technologies Flight Studio 3ds Max Design 2009 64-bit
    "{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
    "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
    "{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{5BD1364B-58D6-0409-8633-9B8E8D0AD52F}" = Autodesk 3ds Max Design 2009 64-bit ProMaterials™ Library
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
    "{7709926E-A1EA-43F1-ADD8-C066BDB97B54}" = SQL Server 2008 R2 Integration Services
    "{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{7A1FD936-C444-0409-92D2-043B1F4ED886}" = Autodesk 3ds Max Design 2009 64-bit Movies
    "{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8E80AF23-17B4-4611-B28E-68A114B23488}" = Dell ControlVault Host Components Installer 64Bit
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
    "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A4E14A4D-EA7B-4914-9BBF-504401F3D4F7}" = SQL Server 2008 R2 Integration Services
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 Client Tools
    "{B7D0751A-3F16-0409-9F9B-FF3DC390F139}" = Autodesk 3ds Max Design 2009 64-bit Vault 2008 Plug-In
    "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
    "{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
    "{CD853BA5-AA85-0409-85DC-A805D779DCA8}" = Autodesk 3ds Max Design 2009 64-bit Additional Maps and Material Libraries
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}" = Trapcode Particular
    "{EC2280DF-BBAF-0409-9359-BCCD15545FFB}" = Autodesk 3ds Max Design 2009 64-bit
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA3E35E2-F088-0409-A563-C96430FF73F6}" = Autodesk 3ds Max Design 2009 64-bit Vault 2009 Plug-In
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "Bullzip PDF Printer_is1" = Bullzip PDF Printer 4.0.0.463
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "FBX Plugin 2009.0 for Max 2009 64" = FBX Plugin 2009.0 for Max 2009 64
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PROSetDX" = Intel(R) Network Connections 15.2.89.0
     
  2. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{118071AB-6572-4FAD-A1FD-67264C994350}" = e-Sword
    "{118C3943-1683-42EF-824D-C22E70DB42E7}" = Comcast Desktop Software (v1.2.1)
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{21CBD20D-D287-49AF-8866-E5653E45AC5C}" = TurboTax 2010 wwviper
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.11.01.02
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B02512C-E4C0-464F-B21C-85035AE88B33}" = Fast Enterprises Add-in Manager for VS 2005-2010
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{565DE707-5798-4FC3-8DF6-0F58A348A9B0}" = Adobe Premiere Pro CS5 Third Party Royalty Content
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7B314-0507-4F91-9A4E-B6C9B027E410}" = Microsoft SQL Server 2008 R2 Books Online
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
    "{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}" = Adobe After Effects CS5 Third Party Content
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
    "{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}" = Adobe After Effects CS5 Third Party Royalty Content
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
    "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{FA8FCCB3-0BFC-4730-9C7F-68270287C968}" = Cisco AnyConnect Diagnostics and Reporting Tool
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "BitTorrent" = BitTorrent
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
    "Cisco Connect" = Cisco Connect
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Core FTP LE 2.1" = Core FTP LE 2.1
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "CouponBar5.0.0.5" = CouponBar
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FLV Player2.0.25" = FLV Player
    "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
    "InstallShield_{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}" = Trapcode Particular
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
    "MiniTool Power Data Recovery_is1" = MiniTool Power Data Recovery
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
    "RaceTab 3.0" = RaceTab 3.0
    "RaceTab_3_0" = RaceTab 3.0
    "SelectRebatesUninstall" = ShopAtHome.com Toolbar
    "TurboTax 2010" = TurboTax 2010
    "Undelete 360_is1" = Undelete 360
    "WinRAR archiver" = WinRAR 4.01 (32-bit)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "3852d0ddc010faea" = Bagels
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/6/2012 12:03:29 AM | Computer Name = FastE6410 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 11/7/2012 10:14:43 PM | Computer Name = FastE6410 | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 11/7/2012 10:15:28 PM | Computer Name = FastE6410 | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 11/7/2012 10:59:04 PM | Computer Name = FastE6410 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 8f8 Start
    Time: 01cdbd5cbc7b7ffc Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 11/7/2012 11:15:04 PM | Computer Name = FastE6410 | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 9e4 Start
    Time: 01cdbd5d02e29a15 Termination Time: 40 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 11/8/2012 12:29:52 AM | Computer Name = FastE6410 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 11/8/2012 8:47:41 AM | Computer Name = FastE6410 | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 11/8/2012 8:48:25 AM | Computer Name = FastE6410 | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 11/8/2012 8:49:51 AM | Computer Name = FastE6410 | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 11/8/2012 8:50:35 AM | Computer Name = FastE6410 | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 5/16/2012 7:23:56 PM | Computer Name = FastE6410 | Source = WLAN-Tray | ID = 0
    Description = 19:23:56, Wed, May 16, 12 Error - Unable to gain access to user store

    Error - 7/4/2012 2:06:47 PM | Computer Name = FastE6410 | Source = WLAN-Tray | ID = 0
    Description = 14:06:46, Wed, Jul 04, 12 Error - Unable to gain access to user store

    Error - 8/27/2012 9:50:36 PM | Computer Name = FastE6410 | Source = WLAN-Tray | ID = 0
    Description = 21:50:36, Mon, Aug 27, 12 Error - Unable to gain access to user store

    Error - 11/3/2012 2:54:07 PM | Computer Name = FastE6410 | Source = WLAN-Tray | ID = 0
    Description = 14:54:07, Sat, Nov 03, 12 Error - Unable to gain access to user store

    [ Cisco AnyConnect Secure Mobility Client Events ]
    Error - 10/31/2012 8:54:59 AM | Computer Name = FastE6410 | Source = acvpnagent | ID = 67108866
    Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
    Line:
    2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 10/31/2012 8:54:59 AM | Computer Name = FastE6410 | Source = acvpnagent | ID = 67108866
    Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
    2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
    (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

    Error - 10/31/2012 9:27:14 PM | Computer Name = FastE6410 | Source = acvpnagent | ID = 67108866
    Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
    Line:
    1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
    An existing connection was forcibly closed by the remote host.

    Error - 10/31/2012 9:27:14 PM | Computer Name = FastE6410 | Source = acvpnagent | ID = 67108866
    Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
    Line:
    1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
    unknown

    Error - 10/31/2012 9:27:14 PM | Computer Name = FastE6410 | Source = acvpnagent | ID = 67108866
    Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
    Line:
    873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
    Description:
    SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

    Error - 10/31/2012 9:27:14 PM | Computer Name = FastE6410 | Source = acvpnagent | ID = 67108866
    Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
    832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
    (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

    Error - 10/31/2012 9:27:14 PM | Computer Name = FastE6410 | Source = acvpnagent | ID = 67108866
    Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
    Line:
    1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing
    connection was forcibly closed by the remote host.

    Error - 10/31/2012 9:27:14 PM | Computer Name = FastE6410 | Source = acvpnagent | ID = 67108866
    Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
    Line:
    384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
    (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE

    Error - 11/7/2012 10:10:39 PM | Computer Name = FastE6410 | Source = acvpnagent | ID = 67108866
    Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
    Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

    Error - 11/8/2012 9:13:40 AM | Computer Name = FastE6410 | Source = acvpnagent | ID = 67108866
    Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
    Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

    [ GenTax.NET Events ]
    Error - 2/16/2011 4:17:42 PM | Computer Name = FastE6410.fastenterprises.com | Source = ggBomBas | ID = 0
    Description =

    Error - 2/16/2011 4:18:00 PM | Computer Name = FastE6410.fastenterprises.com | Source = ggSql | ID = 0
    Description = Exception in ggSqlCnn.CreateConnection for Database: V8D_GTAPP, User:
    , Error: Login failed. The login is from an untrusted domain and cannot be used
    with Windows authentication.

    Error - 2/16/2011 4:18:00 PM | Computer Name = FastE6410.fastenterprises.com | Source = ggSql | ID = 0
    Description = Exception in ggSqlCnn.CreateConnection for Database: V8D_GTSYS, User:
    , Error: Login failed. The login is from an untrusted domain and cannot be used
    with Windows authentication.

    Error - 2/16/2011 4:18:00 PM | Computer Name = FastE6410.fastenterprises.com | Source = ggSql | ID = 0
    Description = Exception in ggSqlCnn.CreateConnection for Database: V8D_GTSYS, User:
    , Error: Login failed. The login is from an untrusted domain and cannot be used
    with Windows authentication.

    Error - 2/16/2011 4:18:00 PM | Computer Name = FastE6410.fastenterprises.com | Source = ggSql | ID = 0
    Description = Exception in ggSqlCnn.CreateConnection for Database: V8D_GTSYS, User:
    , Error: Login failed. The login is from an untrusted domain and cannot be used
    with Windows authentication.

    Error - 2/16/2011 4:18:00 PM | Computer Name = FastE6410.fastenterprises.com | Source = ggBomBas | ID = 0
    Description =

    Error - 2/16/2011 4:44:25 PM | Computer Name = FastE6410.fastenterprises.com | Source = ggSql | ID = 0
    Description = Exception in ggSqlCnn.CreateConnection for Database: V8D_GTAPP, User:
    , Error: Login failed. The login is from an untrusted domain and cannot be used
    with Windows authentication.

    Error - 2/16/2011 4:44:25 PM | Computer Name = FastE6410.fastenterprises.com | Source = ggSql | ID = 0
    Description = Exception in ggSqlCnn.CreateConnection for Database: V8D_GTSYS, User:
    , Error: Login failed. The login is from an untrusted domain and cannot be used
    with Windows authentication.

    Error - 2/16/2011 4:44:25 PM | Computer Name = FastE6410.fastenterprises.com | Source = ggSql | ID = 0
    Description = Exception in ggSqlCnn.CreateConnection for Database: V8D_GTSYS, User:
    , Error: Login failed. The login is from an untrusted domain and cannot be used
    with Windows authentication.

    Error - 2/16/2011 4:44:25 PM | Computer Name = FastE6410.fastenterprises.com | Source = ggSql | ID = 0
    Description = Exception in ggSqlCnn.CreateConnection for Database: V8D_GTSYS, User:
    , Error: Login failed. The login is from an untrusted domain and cannot be used
    with Windows authentication.

    [ System Events ]
    Error - 11/7/2012 12:41:25 AM | Computer Name = FastE6410 | Source = Service Control Manager | ID = 7000
    Description = The Cisco AnyConnect Secure Mobility Agent service failed to start
    due to the following error: %%1053

    Error - 11/7/2012 12:41:43 AM | Computer Name = FastE6410 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the SQL
    Server Browser service to connect.

    Error - 11/7/2012 12:41:43 AM | Computer Name = FastE6410 | Source = Service Control Manager | ID = 7000
    Description = The SQL Server Browser service failed to start due to the following
    error: %%1053

    Error - 11/7/2012 12:42:35 AM | Computer Name = FastE6410 | Source = Service Control Manager | ID = 7043
    Description = The Group Policy Client service did not shut down properly after receiving
    a preshutdown control.

    Error - 11/7/2012 12:42:37 AM | Computer Name = FastE6410 | Source = Service Control Manager | ID = 7038
    Description = The CryptSvc service was unable to log on as NT Authority\NetworkService
    with the currently configured password due to the following error: %%50 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 11/7/2012 12:42:37 AM | Computer Name = FastE6410 | Source = Service Control Manager | ID = 7000
    Description = The Cryptographic Services service failed to start due to the following
    error: %%1069

    Error - 11/7/2012 10:09:45 PM | Computer Name = FastE6410 | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 11/8/2012 12:05:44 AM | Computer Name = FastE6410 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/8/2012 12:06:54 AM | Computer Name = FastE6410 | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 11/8/2012 12:07:57 AM | Computer Name = FastE6410 | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  3. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    Currently the only strange thing I am noticing is that when surfing, going from page to page, it keeps saying I am leaving a secure connection, even when I am only surfing a news site... definitely not on a secure connection.
     
  4. Broni

    Broni Malware Annihilator Posts: 48,033   +271

  5. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    Just removed MSE; must have missed it this morning. Is there anything else I need to do?
     
  6. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://ra.wv.gov/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/11/04 15:02:00 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 998 bytes -> C:\ProgramData\Microsoft:9DP3BwPu4OqZrx4Ip8XG
      @Alternate Data Stream - 88 bytes -> C:\Users\Administrator\Documents\Underwater title sequence.mp4:SummaryInformation
      @Alternate Data Stream - 1187 bytes -> C:\Program Files\Common Files\System:ERljqFUW0CqNTCx7MR
      @Alternate Data Stream - 1045 bytes -> C:\ProgramData\Microsoft:a8a0aGfewdUOsRFvcLG6V
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    ================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warnings, so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  7. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Starting removal of ActiveX control {55963676-2F5E-4BAF-AC28-CF26AA587566}
    C:\Windows\Downloaded Program Files\vpnweb.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{55963676-2F5E-4BAF-AC28-CF26AA587566}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55963676-2F5E-4BAF-AC28-CF26AA587566}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{55963676-2F5E-4BAF-AC28-CF26AA587566}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55963676-2F5E-4BAF-AC28-CF26AA587566}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ADS C:\ProgramData\Microsoft:9DP3BwPu4OqZrx4Ip8XG deleted successfully.
    ADS C:\Users\Administrator\Documents\Underwater title sequence.mp4:SummaryInformation deleted successfully.
    ADS C:\Program Files\Common Files\System:ERljqFUW0CqNTCx7MR deleted successfully.
    ADS C:\ProgramData\Microsoft:a8a0aGfewdUOsRFvcLG6V deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 1641046 bytes
    ->Temporary Internet Files folder emptied: 35104673 bytes
    ->Java cache emptied: 11987080 bytes
    ->FireFox cache emptied: 45914846 bytes
    ->Flash cache emptied: 111641 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 21988 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045667 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 125.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11082012_225216
    Files\Folders moved on Reboot...
    C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F70E8HJW\ads[4].htm moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CR6M30C6\page-3[1].htm moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  8. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    McAfee VirusScan Enterprise
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    McAfee AntiSpyware Enterprise Module
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 30
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader X 10.0.1 Adobe Reader out of Date!
    Mozilla Firefox (3.6.13) Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  9. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    Farbar Service Scanner Version: 07-11-2012
    Ran by Administrator (administrator) on 08-11-2012 at 23:07:29
    Running from "C:\Users\Administrator\Downloads"
    Microsoft Windows 7 Enterprise Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  10. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    # AdwCleaner v2.007 - Logfile created 11/08/2012 at 23:11:16
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
    # User : Administrator - FASTE6410
    # Boot Mode : Normal
    # Running from : C:\Users\Administrator\Downloads\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\65zcteee.default\extensions\ffxtlbr@babylon.com
    ***** [Registry] *****
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v3.6.13 (en-US)
    Profile name : default
    File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\65zcteee.default\prefs.js
    C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\65zcteee.default\user.js ... Deleted !
    Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=0[...]
    Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=109935");
    Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 24);
    Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
    Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
    Deleted : user_pref("extensions.BabylonToolbar.id", "0e15faf1000000000000c446195fde0d");
    Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15454");
    Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=109935&babsrc=KW[...]
    Deleted : user_pref("extensions.BabylonToolbar.lastDP", 24);
    Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.178:46:48");
    Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
    Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
    Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
    Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 81747915);
    Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
    Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
    Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
    Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
    Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.178:46:48");
    Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935");
    Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "0e15faf1000000000000c446195fde0d");
    Deleted : user_pref("extensions.BabylonToolbar_i.id", "0e15faf1000000000000c446195fde0d");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15454");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.178:46:48");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109935&babsrc=KW_ss&mntrId=0e15faf1000000[...]
    *************************
    AdwCleaner[S1].txt - [12123 octets] - [08/11/2012 23:11:16]
    ########## EOF - C:\AdwCleaner[S1].txt - [12184 octets] ##########
     
  11. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    When running ESET, it locked up the computer, but I let it run all night. The screen was black in the morning and unresponsive. I had to reboot, and now my network adapter is not working.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Post new FSS log.
     
  13. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    I'll send that to you tomorrow; I am out currently. Thanks.
     
  14. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 11 days old)
    Ran by SYSTEM at 10-11-2012 17:22:27
    Running from F:\stuff
    Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
    ==================== Services (Whitelisted) ===================
    4 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [79360 2011-06-08] (Autodesk)
    4 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
    4 McAfeeEngineService; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe" [20792 2010-03-25] (McAfee, Inc.)
    4 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-08-25] (McAfee, Inc.)
    4 McShield; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe" [180968 2010-03-25] (McAfee, Inc.)
    4 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2010-03-25] (McAfee, Inc.)
    2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2010-03-25] (McAfee, Inc.)
    4 mi-raysat_3dsMax2009_64; "C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [65536 2008-03-09] ()
    2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210784 2011-04-23] (Microsoft Corporation)
    2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [61916000 2011-04-23] (Microsoft Corporation)
    4 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm)
    2 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -I MSSQLSERVER [428384 2011-04-23] (Microsoft Corporation)
    2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [475088 2011-09-09] (Cisco Systems, Inc.)
    ==================== Drivers (Whitelisted) =====================
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [97576 2010-03-25] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [120096 2010-03-25] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [469400 2010-03-25] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [78896 2010-03-25] (McAfee, Inc.)
    1 mfetdik; C:\Windows\System32\Drivers\mfetdik.sys [84424 2010-03-25] (McAfee, Inc.)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-10 14:09 - 2012-11-10 14:09 - 00000000 ____D C:\FRST
    2012-11-10 11:43 - 2012-11-10 11:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG8
    2012-11-10 11:32 - 2012-11-10 11:36 - 00000000 ____D C:\Users\Administrator\Desktop\New folder (3)
    2012-11-08 21:11 - 2012-11-08 21:11 - 00002120 ____A C:\scu.dat
    2012-11-08 20:22 - 2012-11-08 20:22 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-11-08 20:17 - 2012-11-08 20:17 - 00448512 ____A (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
    2012-11-08 20:07 - 2012-11-08 20:07 - 00002158 ____A C:\Users\Administrator\Downloads\FSS.txt
    2012-11-08 20:05 - 2012-11-08 20:05 - 00694507 ____A (Farbar) C:\Users\Administrator\Downloads\FSS.exe
    2012-11-08 19:58 - 2012-11-08 19:58 - 00881833 ____A C:\Users\Administrator\Downloads\SecurityCheck.exe
    2012-11-08 19:52 - 2012-11-08 19:52 - 00000000 ____D C:\_OTL
    2012-11-08 06:19 - 2012-11-08 06:19 - 00108494 ____A C:\Users\Administrator\Downloads\Extras.Txt
    2012-11-08 06:19 - 2012-11-08 06:19 - 00071182 ____A C:\Users\Administrator\Downloads\OTL.Txt
    2012-11-08 06:12 - 2012-11-08 06:12 - 00602112 ____A (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
    2012-11-08 05:00 - 2012-11-08 05:01 - 00000582 ____A C:\Windows\wininit.ini
    2012-11-07 20:10 - 2012-11-07 20:10 - 00040552 ____A C:\ComboFix.txt
    2012-11-07 20:02 - 2012-11-07 20:10 - 00000000 ____D C:\Qoobox
    2012-11-07 20:02 - 2012-11-07 20:08 - 00000000 ____D C:\Windows\erdnt
    2012-11-07 20:02 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-11-07 20:02 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-11-07 20:02 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-11-07 20:02 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-11-07 20:02 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-11-07 20:02 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-11-07 20:02 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-11-07 20:02 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-11-07 19:59 - 2012-11-06 17:47 - 04997881 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
    2012-11-07 19:21 - 2012-11-07 19:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2012-11-07 19:20 - 2012-11-07 19:20 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-07 19:20 - 2012-11-07 19:20 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-07 19:20 - 2012-11-07 19:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-07 19:20 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-07 19:18 - 2012-11-07 19:19 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.65.1.1000.exe
    2012-11-07 19:09 - 2012-11-07 19:09 - 00002865 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_11072012_02d2209.txt
    2012-11-07 19:09 - 2012-11-07 19:09 - 00002800 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_11072012_02d2209.txt
    2012-11-07 19:08 - 2012-11-07 19:08 - 00662016 ____A C:\Users\Administrator\Downloads\RogueKiller.exe
    2012-11-07 19:07 - 2012-11-07 19:09 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
    2012-11-07 00:45 - 2012-11-07 00:45 - 00153266 ____A C:\KasperskyRescueDisk10.txt
    2012-11-07 00:43 - 2012-11-07 00:43 - 00153091 ____A C:\KasperskyRescueDisk10
    2012-11-05 17:59 - 2012-11-06 19:40 - 00000000 ____D C:\Stuff
    2012-11-04 20:59 - 2012-11-04 21:00 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:54 - 2012-11-04 06:24 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:35 - 2012-11-04 13:34 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:10 - 2012-11-04 13:09 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:03 - 2012-11-04 13:01 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:29 - 2012-11-04 12:56 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-03 13:48 - 2012-11-03 13:48 - 00000000 ____D C:\Windows\pss
    2012-11-03 13:40 - 2012-11-08 17:30 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-11-03 13:39 - 2012-11-03 13:40 - 00000000 ____D C:\d2f0698d88b3cc6c3cb9a2
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-18 18:11 - 2012-10-18 18:15 - 00000000 ____D C:\Program Files (x86)\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:12 - 00000000 ____D C:\Users\Administrator\Documents\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 17:58 - 2012-10-18 18:09 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    ==================== 3 Months Modified Files ==================
    2012-11-10 14:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-10 14:13 - 2009-07-13 20:51 - 00056748 ____A C:\Windows\setupact.log
    2012-11-10 14:11 - 2011-02-08 08:38 - 02093450 ____A C:\Windows\WindowsUpdate.log
    2012-11-10 14:11 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-10 14:11 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-10 14:09 - 2009-07-13 21:13 - 00877772 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-08 21:11 - 2012-11-08 21:11 - 00002120 ____A C:\scu.dat
    2012-11-08 20:17 - 2012-11-08 20:17 - 00448512 ____A (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
    2012-11-08 20:07 - 2012-11-08 20:07 - 00002158 ____A C:\Users\Administrator\Downloads\FSS.txt
    2012-11-08 20:05 - 2012-11-08 20:05 - 00694507 ____A (Farbar) C:\Users\Administrator\Downloads\FSS.exe
    2012-11-08 19:58 - 2012-11-08 19:58 - 00881833 ____A C:\Users\Administrator\Downloads\SecurityCheck.exe
    2012-11-08 19:53 - 2011-02-08 11:01 - 00214136 ____A C:\Windows\PFRO.log
    2012-11-08 17:30 - 2012-11-03 13:40 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-11-08 06:19 - 2012-11-08 06:19 - 00108494 ____A C:\Users\Administrator\Downloads\Extras.Txt
    2012-11-08 06:19 - 2012-11-08 06:19 - 00071182 ____A C:\Users\Administrator\Downloads\OTL.Txt
    2012-11-08 06:12 - 2012-11-08 06:12 - 00602112 ____A (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
    2012-11-08 05:01 - 2012-11-08 05:00 - 00000582 ____A C:\Windows\wininit.ini
    2012-11-07 20:10 - 2012-11-07 20:10 - 00040552 ____A C:\ComboFix.txt
    2012-11-07 20:07 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-11-07 19:20 - 2012-11-07 19:20 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-07 19:19 - 2012-11-07 19:18 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.65.1.1000.exe
    2012-11-07 19:09 - 2012-11-07 19:09 - 00002865 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_11072012_02d2209.txt
    2012-11-07 19:09 - 2012-11-07 19:09 - 00002800 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_11072012_02d2209.txt
    2012-11-07 19:08 - 2012-11-07 19:08 - 00662016 ____A C:\Users\Administrator\Downloads\RogueKiller.exe
    2012-11-07 18:09 - 2012-03-24 16:44 - 00022593 ____A C:\aaw7boot.log
    2012-11-07 00:45 - 2012-11-07 00:45 - 00153266 ____A C:\KasperskyRescueDisk10.txt
    2012-11-07 00:43 - 2012-11-07 00:43 - 00153091 ____A C:\KasperskyRescueDisk10
    2012-11-06 17:47 - 2012-11-07 19:59 - 04997881 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
    2012-11-04 21:00 - 2012-11-04 20:59 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:34 - 2012-11-04 13:35 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:09 - 2012-11-04 13:10 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:01 - 2012-11-04 13:03 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:56 - 2012-11-04 12:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-04 06:24 - 2012-11-04 13:54 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-31 18:31 - 2011-02-08 10:25 - 00093064 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-10-31 17:29 - 2009-07-13 20:45 - 04931480 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 18:09 - 2012-10-18 17:58 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    2012-10-10 23:04 - 2011-02-08 12:59 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 08:42 - 2012-10-09 08:42 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00136510 ____A C:\Users\Administrator\Downloads\ak2loader (5).zip
    2012-10-08 17:38 - 2012-10-08 17:38 - 05303059 ____A C:\Users\Administrator\Downloads\AKAIO.1.9.0.zip
    2012-10-08 17:33 - 2012-10-08 17:33 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144.zip
    2012-09-29 16:54 - 2012-11-07 19:20 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-14 11:19 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-04 20:07 - 2012-09-04 20:07 - 00000755 ____A C:\Users\Administrator\Documents\appleuids.txt
    2012-09-04 20:07 - 2012-09-04 20:05 - 93221790 ____A C:\Users\Administrator\Downloads\Rxdzz.txt
    2012-09-04 19:30 - 2012-09-04 19:30 - 00010828 ____A C:\Users\Administrator\Documents\NFL.xlsx
    2012-08-31 10:19 - 2012-10-09 16:30 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 10:03 - 2012-10-09 16:30 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 10:05 - 2012-10-09 16:30 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-09 16:30 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-10-02 04:56 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-10-02 04:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-10-02 04:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-10-02 04:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-10-02 04:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-10-02 04:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-10-02 04:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-10-02 04:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-10-02 04:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-10-02 04:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-10-02 04:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-10-02 04:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-10-02 04:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-10-02 04:56 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-10-02 04:56 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-10-02 04:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-10-02 04:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-10-02 04:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-10-02 04:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-10-02 04:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-10-02 04:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-12 04:13 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-27 12:38 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 10:48 - 2012-10-09 16:31 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-09 16:31 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-09 16:31 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-09 16:31 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-09 16:31 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-09 16:31 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-11-07 19:58:18
    Restore point made on: 2012-11-08 04:52:35
    Restore point made on: 2012-11-08 05:03:34
    Restore point made on: 2012-11-08 05:04:56
    Restore point made on: 2012-11-10 12:01:04
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 8117.84 MB
    Available physical RAM: 7250.95 MB
    Total Pagefile: 8116.04 MB
    Available Pagefile: 7247.97 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:218.2 GB) (Free:29.44 GB) NTFS
    2 Drive e: (WIN7SP1ULTX64) (CDROM) (Total:3.49 GB) (Free:0 GB) UDF
    3 Drive f: (4 GB) (Removable) (Total:3.72 GB) (Free:1.64 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:14.65 GB) (Free:14.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 3820 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 218 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 14 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 218 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3816 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F 4 GB FAT32 Removable 3816 MB Healthy
    =========================================================
    Last Boot: 2012-11-05 20:00
    ==================== End Of Log =============================
     
  15. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    I got the wireless working again; after multiple reboots it started working again... I will try the online scan again.
     
  16. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Good news :)
     
  17. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    C:\Users\Administrator\Downloads\cnet_pdr6free_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
     
  18. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Update Adobe Flash Player
    Download for Internet Explorer: http://www.filehippo.com/download_flashplayer_ie_64/
    Download for Firefox, Opera and other Gecko-based browsers: http://www.filehippo.com/download_flashplayer_firefox_64/

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    ============================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ==========================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===============================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  19. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 448447 bytes
    ->Temporary Internet Files folder emptied: 225891076 bytes
    ->Java cache emptied: 1880 bytes
    ->FireFox cache emptied: 3655779 bytes
    ->Flash cache emptied: 3418 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4964 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 219.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11102012_214517
    Files\Folders moved on Reboot...
    C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2WQDD9RF\page-4[1].htm moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11ZRIR82\ads[8].htm moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  20. No1Herd

    No1Herd TS Rookie Topic Starter Posts: 45

    The computer seems to be running well. Thank you so much for your help. I am very impressed.
     
  21. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Yes!!
    Good luck and stay safe :)
     