Solved GoogleDoubleClick infection and IE outgoing connect attempts

Allan Yates

Links from Google searches are being intermittently redirected to undesirable websites and sometimes to googledoubleclicks. Also, Malwarebytes is reporting IE attempting outbound connections to certain IP addresses.

2012/07/31 23:46:56 -0400 PUGET-87649 Allan IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 7913, Process: iexplore.exe)
2012/07/31 23:46:56 -0400 PUGET-87649 Allan IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 7914, Process: iexplore.exe)

Windows 7, running Microsoft Security Essentials.

Malwarebytes Scan Log
==================
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.01.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Allan :: PUGET-87649 [administrator]
Protection: Enabled
7/31/2012 10:16:27 PM
mbam-log-2012-07-31 (22-16-27).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 574434
Time elapsed: 37 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

GMER Log
=========
<None produced>

DDS Log
=======
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Allan at 23:57:00 on 2012-07-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16362.11670 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DHCP Server\dhcpsrv.exe
C:\Program Files\DirectUpdate v4\DUEngine.exe
C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe
C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe
C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpsec.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DirectUpdate v4\DUControl.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
C:\Program Files (x86)\Druide\Antidote 7\Programmes64\AgentAntidote64.exe
C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\Brultech\ECM-1240 EngineG\EngineG.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~3.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.ca/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DUControl] "C:\Program Files\DirectUpdate v4\DUControl.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [agentantidote.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession
mRun: [agentantidote64.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" /LancementSession
mRun: [NcpBudgetGui] "C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" -start
mRun: [NcpPopup] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
mRun: [NcpMonitor] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpmon.exe" autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Allan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DEALFI~1.LNK - C:\Program Files (x86)\AA\DealFinder\DealFinder\DealFinder.exe
StartupFolder: C:\Users\Allan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ECMENG~1.LNK - C:\Program Files (x86)\Brultech\ECM-1240 EngineG\EngineG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} - hxxp://www.myplaydownload.com/HipDigitalDownloadManager.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://lcs.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab
TCP: Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649} : NameServer = 209.226.175.236,66.158.128.37,198.235.216.130
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [agentantidote.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession
mRun-x64: [agentantidote64.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" /LancementSession
mRun-x64: [NcpBudgetGui] "C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" -start
mRun-x64: [NcpPopup] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
mRun-x64: [NcpMonitor] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpmon.exe" autorun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\qi8mf2qa.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\Users\Allan\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys --> C:\Windows\system32\DRIVERS\mv61xx.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-5-20 20549]
R2 DHCPServer;DHCP Server;C:\Program Files (x86)\DHCP Server\dhcpsrv.exe [2011-8-14 102400]
R2 DirectUpdate;DirectUpdate engine;C:\Program Files\DirectUpdate v4\DUEngine.exe [2011-8-3 324336]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-27 13592]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-31 655944]
R2 ncpclcfg;ncpclcfg;C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe [2012-3-26 86016]
R2 ncprwsnt;ncprwsnt;C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe [2012-3-26 1389576]
R2 NcpSec;NcpSec;C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPSEC.EXE [2012-3-26 97280]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-2-9 31408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-21 378472]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-2-8 49152]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-27 2655768]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;C:\Windows\system32\DRIVERS\ncplelhp.sys --> C:\Windows\system32\DRIVERS\ncplelhp.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-4-15 1436424]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 136176]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 ncpfilt;WatchGuard Filter;C:\Windows\system32\DRIVERS\ncplelhp.sys --> C:\Windows\system32\DRIVERS\ncplelhp.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\system32\DRIVERS\tap0801.sys --> C:\Windows\system32\DRIVERS\tap0801.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-01 03:56:45 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03C8C74C-C178-4140-A58D-BE8A80F4C278}\mpengine.dll
2012-08-01 02:11:43 -------- d-----w- C:\Users\Allan\AppData\Roaming\Malwarebytes
2012-08-01 02:11:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-01 02:11:36 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-01 02:11:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-30 20:38:02 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-25 03:28:52 -------- d-----w- C:\Users\Allan\AppData\Local\{D79099A3-D608-11E1-8270-B8AC6F996F26}
2012-07-25 03:28:50 466432 ----a-w- C:\Users\Allan\AppData\Roaming\msidt.dll
2012-07-21 15:50:10 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-16 10:49:12 -------- d-----w- C:\Users\Allan\AppData\Roaming\Canon_Inc_IC
2012-07-16 10:48:46 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
2012-07-16 10:47:23 -------- d-----w- C:\ProgramData\Canon_Inc_IC
2012-07-03 17:13:56 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E06F6F0-3E7C-4866-A264-704845D84282}\gapaengine.dll
.
==================== Find3M ====================
.
2012-07-27 12:52:26 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 12:52:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 23:57:12.73 ===============

DDS Attach Log
============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/27/2011 8:57:28 AM
System Uptime: 7/31/2012 5:54:13 PM (6 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8H67-M EVO
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 27.193 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1317.952 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 1863 GiB total, 688.958 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: TAP-Win32 Adapter V8
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider
Name: TAP-Win32 Adapter V8
PNP Device ID: ROOT\NET\0000
Service: tap0801
.
==== System Restore Points ===================
.
RP415: 7/24/2012 4:38:15 PM - Windows Update
RP416: 7/25/2012 4:00:04 AM - Windows Backup
RP417: 7/26/2012 4:00:05 AM - Windows Backup
RP418: 7/27/2012 4:00:04 AM - Windows Backup
RP419: 7/28/2012 4:00:05 AM - Windows Backup
RP420: 7/28/2012 4:37:55 PM - Windows Update
RP421: 7/29/2012 4:00:05 AM - Windows Backup
RP422: 7/30/2012 4:00:04 AM - Windows Backup
RP423: 7/31/2012 4:00:05 AM - Windows Backup
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0.1
Adobe Photoshop Elements 2.0
Adobe Reader X (10.1.3)
Adobe SVG Viewer 3.0
Adobe Widget Browser
Antidote HD
Apache HTTP Server 2.2.19
Apex TIFF to PDF Converter 2.3.8.2
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Autodesk Design Review 2011
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
AWStats
BlackBerry Desktop Software 7.0
Brother MFL-Pro Suite MFC-290C
Camtasia Studio 7
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SX210 IS Camera User Guide
Canon PowerShot SX260 HS and SX240 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Crestron Database
Crestron Device Database
Crestron Toolbox v1.15
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesignPro 5.4 Limited Edition
Easy HTML Autorun Builder
Easy Thumbnails (Remove only)
ECM-1240 EngineG
FotoFusion v5
Free WMA to MP3 Converter 1.16
Front Panel Designer
FrostWire 5.2.9
GnuWin32: Wget-1.11.4-1
Google Earth
Google Update Helper
GoToMeeting 4.8.0.723
gPhotoShow Pro v5.2.1
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
ImageMagick 6.7.6-4 Q16 (2012-04-01)
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel® Solid-State Drive Toolbox
jAlbum
Java Auto Updater
Java(TM) 6 Update 31
Logitech Media Server 7.7.0
Malwarebytes Anti-Malware version 1.62.0.1300
marvell 61xx
MediaInfo 0.7.51 (32-bit)
Microsoft .NET Framework 1.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
mp3splt
mp3splt-gtk
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MWSnap 3
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenVPN 2.0.9-gui-1.0.3
Pazera Free MP4 to AVI Converter 1.6
Photodex Presenter
PHP 5.2.17
PL-2303 USB-to-Serial
ProShow Gold
ProShow Producer
PStill PostScript to PDF Converter (remove only)
QLink
QLink 4.82
QuickTime
ReadMyHeart Software
RealDownloader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
SaveVid Plug-in
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SIMPL Windows v2.11
SIMPL+ Cross Compiler
TextPad 5
TurboTax 2011
UltiDev Cassini Web Server Explorer
UltiDev Cassini Web Server for ASP.NET 2.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VisionTools Pro-e v4.0
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
WatchGuard Mobile VPN
WebEx
.
==== Event Viewer Messages From Past Week ========
.
7/31/2012 9:28:47 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
7/31/2012 9:28:47 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.
7/31/2012 9:28:47 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
7/31/2012 9:28:46 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Nitro Reader Driver 2 required for printer Nitro PDF Creator 2 (Reader) is unknown. Contact the administrator to install the driver before you log in again.
7/31/2012 9:28:41 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Document Writer is unknown. Contact the administrator to install the driver before you log in again.
7/31/2012 9:28:40 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.
7/31/2012 9:28:39 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver RICOH Aficio MP 2851 PCL 5e required for printer !!ottas14a!RICOH 2851 PCL 5e is unknown. Contact the administrator to install the driver before you log in again.
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Same computer as here: https://www.techspot.com/community/topics/win-7-siref-y-infection.181941/ ?

======================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
No, that previous thread was from my wife's laptop, used also by the kids. This PC is my main home desktop. I am very careful with it, and I think it only got infected in the last day or so. I don't download random programs, don't do P2P, etc. I'm at a loss as to how it got infected with MSE active at all times. Even the kids haven't been at home for a couple of weeks :)

Rogue Killer Report
===============
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Allan [Admin rights]
Mode: Scan -- Date: 08/01/2012 00:13:24
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 8 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : msidt ("C:\Windows\System32\rundll32.exe" "C:\Users\Allan\AppData\Roaming\msidt.dll",GetDesc) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649} : NameServer (209.226.175.236,66.158.128.37,198.235.216.130) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649} : NameServer (209.226.175.236,66.158.128.37,198.235.216.130) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSC2MH120A2 ATA Device +++++
--- User ---
[MBR] 6c0c8f50d73eaca9e0fd67ad6fb59718
[BSP] c66af5eea8b51d0ab2563cc6c4cd275b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] ddecf894b166a8094f4dc1f806817945
[BSP] 09e0223b9e55e5a5296ad4bc78312dba : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: ST320005 42AS USB Device +++++
--- User ---
[MBR] 4bad91225c4899b3e2cbe9372d9eab39
[BSP] d4bdc7276c80afcbfb42bb7be7c7be12 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt


aswMBR Log
==========
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-01 00:13:47
-----------------------------
00:13:47.994 OS Version: Windows x64 6.1.7601 Service Pack 1
00:13:47.994 Number of processors: 8 586 0x2A07
00:13:47.994 ComputerName: PUGET-87649 UserName: Allan
00:13:48.473 Initialize success
00:16:14.527 AVAST engine defs: 12073102
00:16:41.499 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:16:41.501 Disk 0 Vendor: INTEL_SSDSC2MH120A2 PPG4 Size: 114473MB BusType: 3
00:16:41.502 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
00:16:41.503 Disk 1 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
00:16:41.505 Disk 0 MBR read successfully
00:16:41.506 Disk 0 MBR scan
00:16:41.508 Disk 0 Windows 7 default MBR code
00:16:41.510 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:16:41.525 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
00:16:41.555 Disk 0 scanning C:\Windows\system32\drivers
00:16:45.924 Service scanning
00:16:56.697 Modules scanning
00:16:56.697 Disk 0 trace - called modules:
00:16:56.699 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:16:56.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d878790]
00:16:56.699 3 CLASSPNP.SYS[fffff88001fb743f] -> nt!IofCallDriver -> [0xfffffa800d5c4580]
00:16:56.699 5 ACPI.sys[fffff88000ee17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d5c1060]
00:16:57.136 AVAST engine scan C:\Windows
00:17:00.601 AVAST engine scan C:\Windows\system32
00:18:46.161 AVAST engine scan C:\Windows\system32\drivers
00:18:52.050 AVAST engine scan C:\Users\Allan
00:19:23.996 Disk 0 MBR has been saved successfully to "d:\Users\Allan\Desktop\MBR.dat"
00:19:24.045 The log file has been saved successfully to "d:\Users\Allan\Desktop\aswMBR.txt"
00:21:30.181 AVAST engine scan C:\ProgramData
00:23:25.199 Scan finished successfully
00:24:37.715 Disk 0 MBR has been saved successfully to "d:\Users\Allan\Desktop\MBR.dat"
00:24:37.851 The log file has been saved successfully to "d:\Users\Allan\Desktop\aswMBR.txt"
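The RogueKiller report above flags three distinct kinds of registry finding: an autorun entry that uses rundll32.exe to load a DLL from the user's AppData\Roaming folder, per-interface NameServer overrides, and the UAC policies EnableLUA and ConsentPromptBehaviorAdmin set to 0. As an added example (editor-supplied, not part of this thread and not RogueKiller's own code), the following Python script parses those "Registry Entries" lines and ranks them from a defender's point of view. The sample input is copied from the report in this thread; EXPECTED_RESOLVERS is an assumed placeholder set, and the severity rules are the example's own.

```python
import re
from collections import Counter

# Pattern for one RogueKiller "Registry Entries" line, e.g.
#   [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S+)\s+:\s+(?P<name>\S+)\s+"
    r"\((?P<value>.*)\)\s+->\s+(?P<status>\w+)$"
)

# UAC policy values under HKLM\...\Policies\System; "0" disables the protection.
UAC_POLICIES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

# Assumption for this example: resolvers the machine is expected to use
# (constructed placeholder; substitute the resolvers your DHCP/ISP hands out).
EXPECTED_RESOLVERS = {"192.0.2.53"}

# Locations an autorun DLL should not normally be loaded from.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\users\\public\\", "\\temp\\")

# Sample input: the Registry Entries section of the RogueKiller report in this thread.
SAMPLE_REPORT = r"""¤¤¤ Registry Entries: 8 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Run : msidt ("C:\Windows\System32\rundll32.exe" "C:\Users\Allan\AppData\Roaming\msidt.dll",GetDesc) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649} : NameServer (209.226.175.236,66.158.128.37,198.235.216.130) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649} : NameServer (209.226.175.236,66.158.128.37,198.235.216.130) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""


def parse_entries(report_text):
    """Return the [tag]/key/name/value/status records found in a RogueKiller report."""
    entries = []
    for line in report_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage_entry(e):
    """Assign (severity, reason) to one parsed entry; rules are this example's own."""
    tag, name, value = e["tag"], e["name"], e["value"]
    low_value = value.lower()
    reasons = []
    if tag == "BLACKLIST DLL":
        reasons.append("autorun entry blacklisted by RogueKiller")
    if "rundll32" in low_value and any(d in low_value for d in USER_WRITABLE_DIRS):
        reasons.append("rundll32 loads a DLL from a user-writable directory")
    if reasons:
        return "high", "; ".join(reasons)
    if tag == "HJ" and name in UAC_POLICIES and value.strip() == "0":
        return "high", f"UAC policy {name} is disabled"
    if tag == "DNS" and name == "NameServer":
        servers = {s.strip() for s in value.split(",")}
        unexpected = sorted(servers - EXPECTED_RESOLVERS)
        if unexpected:
            return "review", "interface NameServer not in expected set: " + ", ".join(unexpected)
        return "info", "interface NameServer matches expected resolvers"
    return "info", "shell/UI setting, no direct security impact"


def triage_report(report_text):
    """Parse a report and return one finding dict per registry entry."""
    findings = []
    for e in parse_entries(report_text):
        sev, why = triage_entry(e)
        findings.append({"severity": sev, "tag": e["tag"], "name": e["name"], "reason": why})
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'review': 2, 'info': 3}."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f"{f['severity']:6} [{f['tag']}] {f['name']}: {f['reason']}")
    print(summarize(triage_report(SAMPLE_REPORT)))
```

On the sample input the script marks the msidt autorun and the two UAC policies as high, the NameServer overrides as needing review against the resolvers you actually expect, and the Explorer/Start menu tweaks as informational; the point is that a scan report's FOUND lines are not all equal, and UAC being switched off is worth fixing even after the autorun DLL is removed.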
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix Log File
==============
ComboFix 12-07-30.03 - Allan 08/01/2012 0:53.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16362.14162 [GMT -4:00]
Running from: d:\users\Allan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\93e7e3d6030f426844228042348210cf\Service.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-2816\perl514.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\17d0b152e63e6bfe81b4b19588538896\mro.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\3b7106dd14676048b10bbb09a990f74c\XS.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\4461f48e31bde5c56b31b973b773de09\List.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\44727051c604ef6b79894b64d4c63832\Expat.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\7f177c338672436e01c4f0bdbcf94491\EV.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\7f2598c08178217a0e2c754f3d568f28\Byte.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\951e8057c3fe65524966ea64dff289ac\Scan.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\b6bd87c968599725b8ab2e5c25d3046a\API.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\b979ace6da01e63d651cce9ee2474fdc\Name.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\bc147d83c7c868eeee67082dcf55430c\File.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\bd5179a413bc0c4b82eedc22c6cab101\re.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\c344fd5536724b2af2e6453833b60203\SHA1.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\c668a322917d32a5ea22894518aa9897\Base64.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\d0bf009923f29116535c26d228271d6d\Scan.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\e56c61f7248672819579325af3387035\POSIX.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\eb138ef0e4282611dbf485a302784646\LibYAML.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\f233f63b6654362865c7577442edb9e3\Win32.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
c:\users\Allan\AppData\Local\Temp\pdk-Allan-3140\perl514.dll
c:\users\Allan\AppData\Roaming\msidt.dll
c:\users\Allan\g2mdlhlpx.exe
c:\windows\SysWow64\tmp81BC.tmp
c:\windows\SysWow64\tmp81BD.tmp
d:\users\Allan\Documents\~WRL0204.tmp
d:\users\Allan\Documents\~WRL0478.tmp
d:\users\Allan\Documents\~WRL2372.tmp
d:\users\Allan\Documents\~WRL2375.tmp
d:\users\Allan\Documents\~WRL2383.tmp
d:\users\Allan\Documents\~WRL3279.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 03:56 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03C8C74C-C178-4140-A58D-BE8A80F4C278}\mpengine.dll
2012-08-01 02:11 . 2012-08-01 02:11 -------- d-----w- c:\users\Allan\AppData\Roaming\Malwarebytes
2012-08-01 02:11 . 2012-08-01 02:11 -------- d-----w- c:\programdata\Malwarebytes
2012-07-30 20:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-27 04:12 . 2012-07-27 04:12 -------- d-----w- c:\programdata\McAfee
2012-07-25 03:28 . 2012-07-25 03:28 -------- d-----w- c:\users\Allan\AppData\Local\{D79099A3-D608-11E1-8270-B8AC6F996F26}
2012-07-21 15:50 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 10:49 . 2012-07-16 10:49 -------- d-----w- c:\users\Allan\AppData\Roaming\Canon_Inc_IC
2012-07-16 10:48 . 2012-07-16 10:48 -------- d-----w- c:\program files (x86)\Common Files\Canon_Inc_IC
2012-07-16 10:47 . 2012-07-16 10:47 -------- d-----w- c:\users\Allan\AppData\Roaming\canon
2012-07-16 10:47 . 2012-07-16 10:47 -------- d-----w- c:\programdata\Canon_Inc_IC
2012-07-03 17:13 . 2012-02-10 22:22 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E06F6F0-3E7C-4866-A264-704845D84282}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 12:52 . 2012-04-06 13:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 12:52 . 2011-08-03 23:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-21 15:48 . 2011-07-27 22:43 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 05:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 05:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 05:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 05:21 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 05:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 05:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 05:21 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 05:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 05:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-13 22:49 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 22:49 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 22:49 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DUControl"="c:\program files\DirectUpdate v4\DUControl.exe" [2011-03-03 52464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"agentantidote.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" [2012-02-23 943168]
"agentantidote64.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" [2012-02-23 77888]
"NcpBudgetGui"="c:\program files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" [2010-01-29 1032192]
"NcpPopup"="c:\program files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" [2010-01-13 579072]
"NcpMonitor"="c:\program files (x86)\WatchGuard\Mobile VPN\ncpmon.exe" [2010-02-24 6637056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
.
c:\users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DealFinder.lnk - c:\program files (x86)\AA\DealFinder\DealFinder\DealFinder.exe [N/A]
ECM Engine.lnk - c:\program files (x86)\Brultech\ECM-1240 EngineG\EngineG.exe [2011-8-4 1748992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-4 113664]
Logitech Media Server Tray Tool.lnk - c:\program files (x86)\Squeezebox\SqueezeTray.exe [2011-11-11 3051619]
Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2011-8-4 303456]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2011-5-20 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-08 49152]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 ALSysIO;ALSysIO;c:\users\Allan\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-16 1436424]
R3 GPU-Z;GPU-Z;c:\users\Allan\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 136176]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-09-01 317440]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-01 113120]
R3 ncpfilt;WatchGuard Filter;c:\windows\system32\DRIVERS\ncplelhp.sys [2010-02-23 151272]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2005-04-13 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-27 1255736]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2010-10-06 179752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-05-20 20549]
S2 DHCPServer;DHCP Server;c:\program files (x86)\DHCP Server\dhcpsrv.exe [2011-08-26 102400]
S2 ncpclcfg;ncpclcfg;c:\program files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe [2008-06-30 86016]
S2 ncprwsnt;ncprwsnt;c:\program files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe [2010-02-25 1389576]
S2 NcpSec;NcpSec;c:\program files (x86)\WatchGuard\Mobile VPN\ncpsec.exe [2010-02-05 97280]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-02-09 31408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-11-16 121832]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-11-16 364520]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys [2010-02-23 151272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-25 174184]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 12:52]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 03:22]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files (x86)\SavevidPlug-in\redirect.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649}: NameServer = 209.226.175.236,66.158.128.37,198.235.216.130
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll
DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} - hxxp://www.myplaydownload.com/HipDigitalDownloadManager.cab
FF - ProfilePath - c:\users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\qi8mf2qa.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-msidt - c:\users\Allan\AppData\Roaming\msidt.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
c:\progra~2\SQUEEZ~1\server\SQUEEZ~3.EXE
.
**************************************************************************
.
Completion time: 2012-08-01 00:58:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 04:58
.
Pre-Run: 29,448,048,640 bytes free
Post-Run: 60,274,364,416 bytes free
.
- - End Of File - - 2AD40439B8C535C83F02AB63BF55A8A7
 
Looks good :)

How is computer doing?

=================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer seems to be working fine again. No redirects from Google. Thanks!

OTL logfile created on: 8/1/2012 11:19:25 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = d:\Users\Allan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.44 Gb Available Physical Memory | 84.14% Memory free
31.96 Gb Paging File | 29.60 Gb Available in Paging File | 92.62% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 56.72 Gb Free Space | 50.78% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1317.95 Gb Free Space | 70.74% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 684.36 Gb Free Space | 36.73% Space Free | Partition Type: NTFS

Computer Name: PUGET-87649 | User Name: Allan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 23:09:02 | 000,597,504 | ---- | M] (OldTimer Tools) -- d:\Users\Allan\Desktop\OTL.exe
PRC - [2012/07/31 20:27:23 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
PRC - [2012/02/22 21:12:42 | 000,943,168 | ---- | M] (Druide informatique inc.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
PRC - [2012/02/09 13:15:06 | 000,031,408 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/10/18 12:21:52 | 014,078,049 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
PRC - [2011/10/18 12:20:24 | 003,051,619 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
PRC - [2011/08/26 18:22:52 | 000,102,400 | ---- | M] (Uwe A. Ruttkamp) -- C:\Program Files (x86)\DHCP Server\dhcpsrv.exe
PRC - [2011/05/21 01:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/30 03:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/06 00:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 00:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/02/05 11:02:10 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPSEC.EXE
PRC - [2010/01/29 13:27:58 | 001,032,192 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe
PRC - [2008/06/30 12:22:40 | 000,086,016 | ---- | M] (NCP engineering GmbH) -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/01 19:38:49 | 000,028,809 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\87fe0906e4bfbcec428293cf9a5ac335\NetResource.dll
MOD - [2012/08/01 00:57:02 | 000,098,415 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
MOD - [2012/08/01 00:57:00 | 000,061,547 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\bc147d83c7c868eeee67082dcf55430c\File.dll
MOD - [2012/08/01 00:57:00 | 000,032,881 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\b6bd87c968599725b8ab2e5c25d3046a\API.dll
MOD - [2012/08/01 00:57:00 | 000,017,920 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
MOD - [2012/08/01 00:56:52 | 004,547,584 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\951e8057c3fe65524966ea64dff289ac\Scan.dll
MOD - [2012/08/01 00:56:52 | 000,608,256 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
MOD - [2012/08/01 00:56:52 | 000,361,472 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
MOD - [2012/08/01 00:56:52 | 000,182,272 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\d0bf009923f29116535c26d228271d6d\Scan.dll
MOD - [2012/08/01 00:56:52 | 000,110,705 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\7f2598c08178217a0e2c754f3d568f28\Byte.dll
MOD - [2012/08/01 00:56:52 | 000,061,546 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
MOD - [2012/08/01 00:56:52 | 000,032,878 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
MOD - [2012/08/01 00:56:52 | 000,030,208 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
MOD - [2012/08/01 00:56:52 | 000,028,774 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
MOD - [2012/08/01 00:56:52 | 000,024,701 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
MOD - [2012/08/01 00:56:52 | 000,024,695 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
MOD - [2012/08/01 00:56:52 | 000,024,679 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
MOD - [2012/08/01 00:56:52 | 000,024,672 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\17d0b152e63e6bfe81b4b19588538896\mro.dll
MOD - [2012/08/01 00:56:52 | 000,024,670 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
MOD - [2012/08/01 00:56:52 | 000,020,596 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\3b7106dd14676048b10bbb09a990f74c\XS.dll
MOD - [2012/08/01 00:56:52 | 000,020,596 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
MOD - [2012/08/01 00:56:52 | 000,020,592 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\b979ace6da01e63d651cce9ee2474fdc\Name.dll
MOD - [2012/08/01 00:56:52 | 000,020,587 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\c668a322917d32a5ea22894518aa9897\Base64.dll
MOD - [2012/08/01 00:56:51 | 000,184,414 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\bd5179a413bc0c4b82eedc22c6cab101\re.dll
MOD - [2012/08/01 00:56:51 | 000,138,752 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\44727051c604ef6b79894b64d4c63832\Expat.dll
MOD - [2012/08/01 00:56:51 | 000,118,918 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
MOD - [2012/08/01 00:56:51 | 000,094,334 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\eb138ef0e4282611dbf485a302784646\LibYAML.dll
MOD - [2012/08/01 00:56:51 | 000,090,213 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
MOD - [2012/08/01 00:56:51 | 000,082,048 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
MOD - [2012/08/01 00:56:51 | 000,082,033 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
MOD - [2012/08/01 00:56:51 | 000,077,824 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\7f177c338672436e01c4f0bdbcf94491\EV.dll
MOD - [2012/08/01 00:56:51 | 000,061,540 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\e56c61f7248672819579325af3387035\POSIX.dll
MOD - [2012/08/01 00:56:51 | 000,053,340 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
MOD - [2012/08/01 00:56:51 | 000,041,080 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
MOD - [2012/08/01 00:56:51 | 000,036,964 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\f233f63b6654362865c7577442edb9e3\Win32.dll
MOD - [2012/08/01 00:56:51 | 000,030,720 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
MOD - [2012/08/01 00:56:51 | 000,028,779 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
MOD - [2012/08/01 00:56:51 | 000,024,694 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\c344fd5536724b2af2e6453833b60203\SHA1.dll
MOD - [2012/08/01 00:56:51 | 000,024,681 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
MOD - [2012/08/01 00:56:51 | 000,024,679 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
MOD - [2012/08/01 00:56:51 | 000,024,676 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
MOD - [2012/08/01 00:56:51 | 000,020,601 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\4461f48e31bde5c56b31b973b773de09\List.dll
MOD - [2012/08/01 00:56:51 | 000,020,590 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
MOD - [2012/08/01 00:56:51 | 000,020,590 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
MOD - [2012/08/01 00:56:51 | 000,020,576 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
MOD - [2012/08/01 00:56:51 | 000,001,024 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3368\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
MOD - [2012/08/01 00:56:47 | 000,184,414 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\bd5179a413bc0c4b82eedc22c6cab101\re.dll
MOD - [2012/08/01 00:56:47 | 000,118,918 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
MOD - [2012/08/01 00:56:47 | 000,094,334 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\eb138ef0e4282611dbf485a302784646\LibYAML.dll
MOD - [2012/08/01 00:56:47 | 000,082,048 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
MOD - [2012/08/01 00:56:47 | 000,082,033 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
MOD - [2012/08/01 00:56:47 | 000,061,540 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\e56c61f7248672819579325af3387035\POSIX.dll
MOD - [2012/08/01 00:56:47 | 000,053,340 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
MOD - [2012/08/01 00:56:47 | 000,036,964 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\f233f63b6654362865c7577442edb9e3\Win32.dll
MOD - [2012/08/01 00:56:47 | 000,032,878 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
MOD - [2012/08/01 00:56:47 | 000,028,779 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
MOD - [2012/08/01 00:56:47 | 000,028,774 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
MOD - [2012/08/01 00:56:47 | 000,024,701 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\93e7e3d6030f426844228042348210cf\Service.dll
MOD - [2012/08/01 00:56:47 | 000,024,701 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
MOD - [2012/08/01 00:56:47 | 000,024,679 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
MOD - [2012/08/01 00:56:47 | 000,024,676 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
MOD - [2012/08/01 00:56:47 | 000,020,601 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\4461f48e31bde5c56b31b973b773de09\List.dll
MOD - [2012/08/01 00:56:47 | 000,020,590 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
MOD - [2012/08/01 00:56:47 | 000,020,576 | R--- | M] () -- C:\Users\Allan\AppData\Local\Temp\pdk-Allan-3492\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
MOD - [2012/06/21 23:16:50 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8036b60a803443f3c61c48b4959f722d\IAStorUtil.ni.dll
MOD - [2012/06/21 22:32:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/21 22:32:25 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/14 07:24:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 07:23:54 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/14 07:23:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/14 07:23:51 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/14 07:23:48 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/11/18 17:23:20 | 000,202,320 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\imageformats\qjpeg4.dll
MOD - [2011/11/18 17:23:14 | 000,032,336 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\imageformats\qgif4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/29 13:27:58 | 001,032,192 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe
MOD - [2010/01/21 18:26:38 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPMIF32.DLL
MOD - [2009/11/27 11:11:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.dll
MOD - [2009/10/21 12:29:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPDLG.DLL
MOD - [2002/06/28 10:16:42 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPCFG.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/15 21:26:35 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/03/02 21:46:52 | 000,324,336 | ---- | M] (WildUP) [Auto | Running] -- C:\Program Files\DirectUpdate v4\DUEngine.exe -- (DirectUpdate)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/08/01 00:09:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/31 20:27:23 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe -- (ScsiAccess)
SRV - [2012/07/27 08:52:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/09 13:15:06 | 000,031,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/26 18:22:52 | 000,102,400 | ---- | M] (Uwe A. Ruttkamp) [Auto | Running] -- C:\Program Files (x86)\DHCP Server\dhcpsrv.exe -- (DHCPServer)
SRV - [2011/05/21 01:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/30 03:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/06 00:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/06 00:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 09:29:20 | 001,389,576 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe -- (ncprwsnt)
SRV - [2010/02/05 11:02:10 | 000,097,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPSEC.EXE -- (NcpSec)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/30 12:22:40 | 000,086,016 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe -- (ncpclcfg)
SRV - [2008/06/13 04:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2007/02/08 00:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) [Auto | Stopped] -- C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/13 10:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012/04/13 10:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/07 10:24:12 | 000,152,064 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/25 02:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/26 14:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/15 22:05:02 | 000,364,520 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/11/15 22:05:00 | 000,121,832 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/10/26 14:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/06 01:55:10 | 000,179,752 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010/10/02 08:14:36 | 012,157,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/09/21 12:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/01 00:07:06 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/23 10:31:32 | 000,151,272 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ncplelhp.sys -- (ncplelhp)
DRV:64bit: - [2010/02/23 10:31:32 | 000,151,272 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ncplelhp.sys -- (ncpfilt)
DRV:64bit: - [2009/12/31 06:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 21:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005/04/13 17:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0801.sys -- (tap0801)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 7D 79 C6 5D 4C CC 01 [binary data]
IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3441346276-128489596-481474319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.0.3: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.0.3: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/03/27 21:22:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 00:09:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D79099A3-D608-11E1-8270-B8AC6F996F26}: C:\Users\Allan\AppData\Local\{D79099A3-D608-11E1-8270-B8AC6F996F26}\ [2012/07/24 23:28:52 | 000,000,000 | ---D | M]

[2012/03/09 19:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allan\AppData\Roaming\Mozilla\Extensions
[2012/05/02 00:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\qi8mf2qa.default\extensions
[2012/03/27 21:41:27 | 000,000,000 | ---D | M] ("Savevid.com Easy Video Downloader") -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\qi8mf2qa.default\extensions\ffmenu@savevid.com
[2012/04/26 17:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/24 23:28:52 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ALLAN\APPDATA\LOCAL\{D79099A3-D608-11E1-8270-B8AC6F996F26}
[2012/08/01 00:09:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/01 00:56:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [msidt] "C:\Windows\System32\rundll32.exe" "C:\Users\Allan\AppData\Roaming\msidt.dll",GetDesc File not found
O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.)
O4 - HKLM..\Run: [agentantidote64.exe] C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe (Druide informatique inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NcpBudgetGui] C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe ()
O4 - HKLM..\Run: [NcpMonitor] C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpmon.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-3441346276-128489596-481474319-1000..\Run: [DUControl] C:\Program Files\DirectUpdate v4\DUControl.exe (WildUP)
O4 - Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnk = File not found
O4 - Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ECM Engine.lnk = C:\Program Files (x86)\Brultech\ECM-1240 EngineG\EngineG.exe (Brultech Research Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3441346276-128489596-481474319-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm ()
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\SavevidPlug-in\redirect.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {57055870-7F19-46ED-B1DD-56004FBFCB9D} http://www.myplaydownload.com/HipDigitalDownloadManager.cab (Hip Digital Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lcs.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{093BA482-CCF5-415E-BF85-F14E3D42D649}: NameServer = 209.226.175.236,66.158.128.37,198.235.216.130
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 23:09:02 | 000,597,504 | ---- | C] (OldTimer Tools) -- d:\Users\Allan\Desktop\OTL.exe
[2012/08/01 00:58:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/01 00:56:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/01 00:52:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/01 00:52:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/01 00:52:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/01 00:52:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/01 00:52:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/01 00:43:51 | 004,721,982 | R--- | C] (Swearware) -- d:\Users\Allan\Desktop\ComboFix.exe
[2012/08/01 00:13:12 | 000,000,000 | ---D | C] -- d:\Users\Allan\Desktop\RK_Quarantine
[2012/08/01 00:13:01 | 004,731,392 | ---- | C] (AVAST Software) -- d:\Users\Allan\Desktop\aswMBR.exe
[2012/07/31 22:11:43 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Malwarebytes
[2012/07/31 22:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/31 20:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Producer
[2012/07/27 00:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/26 19:21:09 | 000,000,000 | ---D | C] -- d:\Users\Allan\Desktop\Nicks Europe Photos
[2012/07/24 23:28:52 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\{D79099A3-D608-11E1-8270-B8AC6F996F26}
[2012/07/17 22:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/07/16 06:52:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canon MyCameraFiles
[2012/07/16 06:49:12 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Canon_Inc_IC
[2012/07/16 06:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon_Inc_IC
[2012/07/16 06:47:32 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\canon
[2012/07/16 06:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon_Inc_IC

========== Files - Modified Within 30 Days ==========

[2012/08/01 23:09:02 | 000,597,504 | ---- | M] (OldTimer Tools) -- d:\Users\Allan\Desktop\OTL.exe
[2012/08/01 22:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 22:42:08 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/01 13:42:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/01 08:31:26 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 08:31:26 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 01:01:49 | 000,801,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/01 01:01:49 | 000,676,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/01 01:01:49 | 000,128,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/01 00:56:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/01 00:56:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 00:56:37 | 4277,587,966 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 00:43:54 | 004,721,982 | R--- | M] (Swearware) -- d:\Users\Allan\Desktop\ComboFix.exe
[2012/08/01 00:24:37 | 000,000,512 | ---- | M] () -- d:\Users\Allan\Desktop\MBR.dat
[2012/08/01 00:13:27 | 004,731,392 | ---- | M] (AVAST Software) -- d:\Users\Allan\Desktop\aswMBR.exe
[2012/08/01 00:12:51 | 001,552,384 | ---- | M] () -- d:\Users\Allan\Desktop\RogueKiller.exe
[2012/07/30 08:36:02 | 000,002,034 | -H-- | M] () -- d:\Users\Allan\Documents\Default.rdp
[2012/07/27 23:36:31 | 000,398,559 | ---- | M] () -- d:\Users\Allan\Desktop\3c.jpeg
[2012/07/27 20:10:06 | 063,155,958 | ---- | M] () -- d:\Users\Allan\Desktop\TMB Topo Map with Route.bmp
[2012/07/27 14:01:19 | 063,155,958 | ---- | M] () -- d:\Users\Allan\Desktop\TMB Topo Map.bmp
[2012/07/23 16:27:47 | 000,491,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/08/01 00:52:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/01 00:52:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/01 00:52:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/01 00:52:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/01 00:52:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/01 00:19:23 | 000,000,512 | ---- | C] () -- d:\Users\Allan\Desktop\MBR.dat
[2012/08/01 00:12:51 | 001,552,384 | ---- | C] () -- d:\Users\Allan\Desktop\RogueKiller.exe
[2012/07/28 00:40:51 | 063,155,958 | ---- | C] () -- d:\Users\Allan\Desktop\TMB Topo Map.bmp
[2012/07/27 23:35:13 | 000,398,559 | ---- | C] () -- d:\Users\Allan\Desktop\3c.jpeg
[2012/07/27 18:36:20 | 063,155,958 | ---- | C] () -- d:\Users\Allan\Desktop\TMB Topo Map with Route.bmp
[2012/04/06 11:30:23 | 000,038,260 | ---- | C] () -- C:\Users\Allan\logo.miff
[2012/04/06 09:02:22 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/04/06 09:02:22 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/04/06 09:02:06 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/04/06 08:52:58 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/04/06 08:52:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/04/01 12:16:04 | 000,000,218 | ---- | C] () -- C:\Users\Allan\.recently-used.xbel
[2012/03/28 17:15:36 | 000,005,120 | ---- | C] () -- C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/10 13:45:30 | 000,000,000 | ---- | C] () -- C:\Windows\midilib.INI
[2012/02/07 16:44:19 | 000,000,085 | ---- | C] () -- C:\Windows\Antidote7.ini
[2012/01/23 19:09:10 | 000,000,148 | -H-- | C] () -- C:\Windows\SysWow64\WN125047.bin
[2012/01/23 19:09:10 | 000,000,148 | -H-- | C] () -- C:\Windows\AC841540.bin
[2012/01/02 23:30:12 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
[2011/10/06 21:22:44 | 000,000,291 | ---- | C] () -- C:\Users\Allan\AppData\Roaming\turing_files.ini
[2011/09/24 21:33:58 | 000,225,412 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/04 21:48:55 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2011/08/04 17:57:30 | 000,007,610 | ---- | C] () -- C:\Users\Allan\AppData\Local\Resmon.ResmonCfg
[2011/07/27 18:36:20 | 000,817,082 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/27 18:32:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/07/27 18:24:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/07/27 09:08:29 | 000,798,716 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/27 09:08:29 | 000,201,920 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/27 09:08:28 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/21 01:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/11/20 23:24:22 | 000,027,650 | ---- | C] () -- C:\Windows\SysWow64\eysusys.dll

========== LOP Check ==========

[2012/04/15 22:58:32 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Autodesk
[2011/11/10 23:49:30 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Azureus
[2012/07/16 06:47:32 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\canon
[2012/07/16 06:49:12 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Canon_Inc_IC
[2012/01/11 19:09:04 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/10 22:37:33 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/17 14:52:03 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\com.skinkers.aa
[2012/01/23 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Druide
[2011/08/04 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Easy Thumbnails
[2011/11/20 22:28:17 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\FileOpen
[2012/04/15 17:30:19 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\fltk.org
[2012/03/05 21:56:59 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\FrontDesign
[2011/08/05 19:03:31 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\gPhotoShow
[2012/04/01 12:01:44 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\gtk-2.0
[2011/08/03 22:13:00 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Helios
[2011/08/15 21:20:16 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\jAlbum
[2011/07/27 20:50:30 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\MAXON
[2012/01/02 23:29:11 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\MyPublisher
[2011/08/04 11:31:18 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Netscape
[2012/01/11 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\PDAppFlex
[2012/07/31 20:26:54 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Photodex
[2012/04/15 17:32:31 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\PStill
[2012/06/22 12:48:57 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Research In Motion
[2011/09/20 19:23:07 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Softland
[2011/09/01 15:05:26 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\WatchGuard
[2012/07/30 08:34:32 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\webex
[2012/05/20 19:08:18 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:7F80734C
@Alternate Data Stream - 180 bytes -> d:\Users\Allan\Desktop\3c.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8C35AEA7
< End of report >
 
OTL Extras logfile created on: 8/1/2012 11:19:25 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = d:\Users\Allan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.44 Gb Available Physical Memory | 84.14% Memory free
31.96 Gb Paging File | 29.60 Gb Available in Paging File | 92.62% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 56.72 Gb Free Space | 50.78% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1317.95 Gb Free Space | 70.74% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 684.36 Gb Free Space | 36.73% Space Free | Partition Type: NTFS

Computer Name: PUGET-87649 | User Name: Allan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [gPhotoShow] -- "C:\Program Files (x86)\gPhotoShow\gPhotoShow.exe" /f "%1" (Gianpaolo Bottin)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [gPhotoShow] -- "C:\Program Files (x86)\gPhotoShow\gPhotoShow.exe" /f "%1" (Gianpaolo Bottin)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0264E87F-0B98-4882-996C-096AA2A6C1D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{086D3D29-BD67-49A2-96F3-439134B70DC1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BBBD06E-8739-4812-8EE2-AA681DA71FFE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1519AD4D-E411-41BC-BD1B-CEBABDBAA4A6}" = lport=80 | protocol=6 | dir=in | name=apache webserver |
"{1A22EC7A-AD9D-4BD2-A35D-55ABDC24B2F4}" = lport=3389 | protocol=6 | dir=in | app=system |
"{1BFEDEAF-1772-4AE7-BE07-88FAAC513544}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{2078CB1A-7A4D-463F-B0F5-2801D0D64BFF}" = rport=139 | protocol=6 | dir=out | app=system |
"{22F13453-1E45-496B-A6EA-B50903A16FBB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{257889E0-A93A-4680-9B4F-9044A987288A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{3474BFE8-DC1D-4DBB-96FC-1EA6C060B038}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38A9F59F-9145-405C-8D3B-CB1201C28522}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3A3B6D7C-191F-4401-BBC8-529ED67D4510}" = lport=139 | protocol=6 | dir=in | app=system |
"{3CC24135-2D97-4C35-A8EF-9F9770A6434D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4540F77C-C602-498E-983A-52B7099AE557}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{474F1518-C6F7-4B55-AF3B-97539C4F4754}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{530E4A17-97D1-4D67-AB44-3FE10F8E8979}" = rport=445 | protocol=6 | dir=out | app=system |
"{5B92816A-3D16-463F-A4C3-36559A2AF620}" = lport=10243 | protocol=6 | dir=in | app=system |
"{874558E6-9E63-4E77-949F-5F583FFA9160}" = rport=138 | protocol=17 | dir=out | app=system |
"{8B5360EB-A5D8-454A-A5B0-A4D946F4FA42}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9A156EA7-357C-4DDE-9831-790949B1929B}" = lport=445 | protocol=6 | dir=in | app=system |
"{9DFA9C60-978E-47B6-9EE6-1F78443A740A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FA08A86-F30E-48E9-B27E-E25A202A527B}" = lport=138 | protocol=17 | dir=in | app=system |
"{A072A2A1-53F9-4F15-B00A-B4CF4A0D6F99}" = rport=137 | protocol=17 | dir=out | app=system |
"{A3461BB5-22AD-42EF-9BD4-CC9777DEDFB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8AA6793-03B2-42CA-88DC-A8C07573B0A9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC7931F3-59C4-4E70-8593-D2C8B8735432}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B234B6C1-A6B4-4C68-BF59-5B538BADEB21}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{B35796C0-4565-4F2E-AD55-14C9E3294838}" = lport=137 | protocol=17 | dir=in | app=system |
"{B569D0C9-4024-4350-B076-04DCEB51F3FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB88C9C6-6E1B-4467-ABFA-954027B23A97}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BBD7EFF0-9EB4-4884-9AC1-428576ACFAB4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED4DD9B5-8A1C-49A6-BA76-4B79F2815139}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FFDA56-F799-46AD-9155-09D615227202}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{08171927-D351-49ED-9C38-6769BFAAD4A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0AE24F91-CCF4-4D27-8CD1-7433B9AF91EF}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
"{11B5B6A5-A5BF-461D-A7A1-5417B622643C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{13708D3C-30BF-4946-A752-0D7E551A96AC}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
"{1A74547B-FD9F-4C52-88C0-A958EF8AE707}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E64A82C-5013-4355-8027-97A146E50F42}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{269AB9BA-A3CA-4F2D-9DFF-F6B10AD10386}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2AFD00E1-FBCA-4B6A-A7ED-000BB66284DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2B8FB67F-7AEA-46AC-8FEC-84786F9795B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C8D65E1-7E96-45A3-BC40-CE4DEAF28065}" = protocol=6 | dir=in | app=c:\program files (x86)\dhcp server\dhcpsrv.exe |
"{3BB3077F-E3F6-4038-8E54-1AF029D1E691}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C7CFD72-794D-43CF-8675-139F8A28AA5F}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{3D8DF630-0101-4BA1-AE65-FC9682B1B36C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{435244E4-281F-4DE9-BD2A-393863E07D33}" = protocol=6 | dir=out | app=system |
"{43C96C32-CAFF-4802-8C9F-598805E448A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EF59B3D-0659-4893-98B5-534BF299097B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5477173B-E2AB-42EB-A46D-82AF062613E8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5C6E0004-D9A2-4ABB-80E0-E771FECE3B97}" = protocol=17 | dir=in | app=c:\program files (x86)\dhcp server\dhcpsrv.exe |
"{79751273-3C54-496F-B3DC-057CEBD6CBFE}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{80EE1E01-E294-4E16-90F2-F250446CF73E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{822BDB13-72D0-417E-8A7E-18AFDEBB4DB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CB44C8B-29FD-45A9-8B8C-791FC6A9F360}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8D9AB667-2B05-4D00-B87E-11381DD63C97}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8EA832AE-FD3C-4D0F-9CAE-A3DB6B0B8035}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8EC3BBDA-BB8E-49DD-A4FD-A963F28B1B64}" = protocol=17 | dir=in | app=c:\program files (x86)\dhcp server\dhcpsrv.exe |
"{967336DD-2090-4976-ACF0-E4490A1005DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{97A8C92D-89B7-4A8F-B862-47C3E9C75F4F}" = protocol=6 | dir=in | app=c:\program files (x86)\dhcp server\dhcpsrv.exe |
"{99F9C4C1-F963-442E-BBA4-3F8F036C0AF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E7B5671-C599-449C-8D77-9D3671E45204}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B2418DE8-7AF1-4FC1-B70E-80C95D58F6EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B97DA5B7-50C6-4167-8006-54D7AB9DF1A0}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{BAA71DA3-0B95-4CF8-B2C9-0CB6767511D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C65D9E32-8655-4B1D-A140-A27F1DBA3FF0}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{CADB58BC-0F7D-494E-9B59-E37D1C04F19E}" = protocol=6 | dir=in | app=c:\program files (x86)\ultidev\cassini web server for asp.net 2.0\ultidevcassinwebserver2a.exe |
"{D6EE6931-5BFC-4C21-9E71-E29711A0FA65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DBA43932-0681-406F-93FE-D902867C194B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EAF92EA3-852D-43A5-BC52-C9BDA60BEA03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC369A57-55D0-44D5-B407-1CF52F0ACB65}" = dir=in | app=c:\program files (x86)\squeezebox\server\squeezesvr.exe |
"{F30D0173-A6BD-4A77-80C3-E49282317B3A}" = protocol=17 | dir=in | app=c:\program files (x86)\ultidev\cassini web server for asp.net 2.0\ultidevcassinwebserver2a.exe |
"TCP Query User{22301796-4ED1-4FD9-97AC-28F8D14A83A0}C:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe |
"TCP Query User{5CCE6418-78C7-44EE-904A-1EB7779E76BA}C:\program files\crestron\toolbox\vptcomserver.exe" = protocol=6 | dir=in | app=c:\program files\crestron\toolbox\vptcomserver.exe |
"TCP Query User{A01C448C-683C-4937-ABDA-43841BF98188}C:\program files (x86)\watchguard\mobile vpn\ncpmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\watchguard\mobile vpn\ncpmon.exe |
"TCP Query User{A34816C6-DF50-4A07-A888-6C8D24DBC848}C:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe |
"TCP Query User{DEB9F383-1221-41F5-AAA3-8FF4592DCB6A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{1A01D6C1-D61D-43F4-890E-0B9BC9A94917}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{48A0B7D5-9946-47B2-860A-04A6C0F7E4B0}C:\program files (x86)\watchguard\mobile vpn\ncpmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\watchguard\mobile vpn\ncpmon.exe |
"UDP Query User{5614309D-94C9-4775-84DD-D9D23A8BC155}C:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe |
"UDP Query User{599B08E9-D646-4876-83D0-8C043F2AB836}C:\program files\crestron\toolbox\vptcomserver.exe" = protocol=17 | dir=in | app=c:\program files\crestron\toolbox\vptcomserver.exe |
"UDP Query User{6B0A25BD-F23F-4F59-8396-257D0634F0BB}C:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\brultech\ecm-1240 engineg\engineg.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{860FA5E2-DF36-4BFB-8807-68E688339BE0}" = ActivePerl 5.12.4 Build 1205 (64-bit)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F52FAFD-0EC6-4DC1-84F7-2B5CDB445B75}" = Brultech Electricity Monitor Dashboard
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{94D463D0-2B13-4181-9512-B27004B1151A}" = Autodesk Revit Architecture 2011 x64
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"900DDDE94EEFE76C6AE6B7E554E4DD2FBF7E9BCD" = Windows Driver Package - Crestron Electronics Inc. (WinUSB) USB (08/27/2009 6.1.7600.16385)
"Autodesk Revit Architecture 2011 x64" = Autodesk Revit Architecture 2011 x64
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DirectUpdate_is1" = DirectUpdate
"MediaInfo" = MediaInfo 0.7.54
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029A95A8-E814-4760-B5A1-0D46E2D62FB1}" = PHP 5.2.17
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{32ACB1D7-F25D-49B5-8463-1D8CE354A1CF}" = ReadMyHeart Software
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3ACB6AF7-5C8F-4272-B487-7F6FBBEB8A5A}" = Intel® Solid-State Drive Toolbox
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40247AAC-AB0D-449C-882F-90401C3351E8}" = UltiDev Cassini Web Server Explorer
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{443CBE24-0679-4027-9C36-66F129E009C5}" = Crestron Database
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-290C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{56CDB4FE-895F-4E0D-8BB4-9A8D4310898D}" = Antidote HD
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6686F38D-1A32-4A8C-94D7-A2AA9C5F3C9B}" = Crestron Device Database
"{6FCEFE16-0A8E-4F79-A642-49582DD25F3A}" = RealDownloader
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B42A6A6-035B-43FC-A7AC-C99F1D084384}" = SIMPL Windows v2.11
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA3983BF-9B72-484E-972A-E47BBAFA9CCA}" = VisionTools Pro-e v4.0
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFC49757-08F4-44BB-84DF-E218DD75DA88}" = jAlbum
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CFEDA22F-435D-4891-913A-75B80D8159B8}" = Crestron Toolbox v1.15
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D758ECE8-6579-4CCD-8B1D-8BD3C3275370}" = QLink 4.82
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA94A899-F439-44D1-90B6-DB02A7341170}" = BlackBerry Desktop Software 7.0
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v5
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6C8DAED-8CC7-43FD-9DA4-1F629B873A17}" = UltiDev Cassini Web Server for ASP.NET 2.0
"{FB97A745-D1E6-435D-B942-264E94F89938}" = SIMPL+ Cross Compiler
"{FEBE8B16-8288-46CE-BE7C-B6B0F4B62720}" = QLink
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Apex TIFF to PDF Converter 2.3.8.2" = Apex TIFF to PDF Converter 2.3.8.2
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"AWStats" = AWStats
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.0
"CameraUserGuide-PSSX210IS" = Canon PowerShot SX210 IS Camera User Guide
"CameraUserGuide-PSSX260HSandSX240HS" = Canon PowerShot SX260 HS and SX240 HS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC 8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Easy HTML Autorun Builder" = Easy HTML Autorun Builder
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"ECM-1240 EngineG_is1" = ECM-1240 EngineG
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Front Panel Designer" = Front Panel Designer
"FrostWire 5" = FrostWire 5.2.9
"gPhotoShow_is1" = gPhotoShow Pro v5.2.1
"GPStill" = PStill PostScript to PDF Converter (remove only)
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"ImageMagick 6.7.6 Q16_is1" = ImageMagick 6.7.6-4 Q16 (2012-04-01)
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Logitech Media Server_is1" = Logitech Media Server 7.7.0
"MediaInfo" = MediaInfo 0.7.51 (32-bit)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mp3splt" = mp3splt
"mp3splt-gtk" = mp3splt-gtk
"mv61xxDriver" = marvell 61xx
"MWSnap 3" = MWSnap 3
"NCP RWS/GA" = WatchGuard Mobile VPN
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"Personal Printing Guide" = Canon Personal Printing Guide
"Photodex Presenter" = Photodex Presenter
"PhotoStitch" = Canon Utilities PhotoStitch
"ProShow Gold" = ProShow Gold
"ProShow Producer" = ProShow Producer
"SaveVid Plug-in" = SaveVid Plug-in
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3441346276-128489596-481474319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2012 11:04:02 PM | Computer Name = Puget-87649 | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/27 23:04:02.732]: [00009736]: GetDeviceList Failed!
pStiInfo = 0x0..

Error - 7/27/2012 11:04:02 PM | Computer Name = Puget-87649 | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/27 23:04:02.732]: [00009736]: ##### Fatal ERROR!!
Create STI-device failed! #####

Error - 7/27/2012 11:04:02 PM | Computer Name = Puget-87649 | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/07/27 23:04:02.733]: [00009736]: Initialize TwdsMain
Class failed!

Error - 7/29/2012 1:31:21 AM | Computer Name = Puget-87649 | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 7/29/2012 2:15:21 AM | Computer Name = Puget-87649 | Source = Winlogon | ID = 4005
Description = The Windows logon process has unexpectedly terminated.

Error - 7/31/2012 5:56:13 PM | Computer Name = Puget-87649 | Source = WinMgmt | ID = 10
Description =

Error - 8/1/2012 12:25:51 AM | Computer Name = Puget-87649 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1f5c Start
Time: 01cd6f999813b7a2 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: f3efe179-db90-11e1-937d-02004e435049

Error - 8/1/2012 12:27:28 AM | Computer Name = Puget-87649 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9d0 Start
Time: 01cd6f9dbcfb0a7d Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 8/1/2012 12:33:50 AM | Computer Name = Puget-87649 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12b8 Start
Time: 01cd6f9df59660fd Termination Time: 27 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 8/1/2012 12:50:56 AM | Computer Name = Puget-87649 | Source = WinMgmt | ID = 10
Description =

Error - 8/1/2012 12:58:24 AM | Computer Name = Puget-87649 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/21/2012 7:29:23 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 2/21/2012 7:30:59 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 2/21/2012 7:30:59 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 2/21/2012 7:31:00 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 2/21/2012 7:31:00 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 2/21/2012 7:31:01 AM | Computer Name = Puget-87649 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 2/21/2012 8:00:07 AM | Computer Name = Puget-87649 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:40:01 AM on 2/21/2012 was unexpected.

Error - 2/21/2012 6:18:13 PM | Computer Name = Puget-87649 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:23:58 AM on 2/21/2012 was unexpected.

Error - 2/22/2012 10:33:47 PM | Computer Name = Puget-87649 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:05:58 PM on 2/22/2012 was unexpected.

Error - 2/22/2012 10:34:01 PM | Computer Name = Puget-87649 | Source = BugCheck | ID = 1001
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O4:64bit: - HKLM..\Run: [msidt] "C:\Windows\System32\rundll32.exe" "C:\Users\Allan\AppData\Roaming\msidt.dll",GetDesc File not found
    O4 - Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnk = File not found
    [2012/01/02 23:30:12 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
    @Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:7F80734C
    @Alternate Data Stream - 180 bytes -> d:\Users\Allan\Desktop\3c.jpeg:3or4kl4x13tuuug3Byamue2s4b
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8C35AEA7
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=============================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Looking at the threats flagged by ESET, they are in backups from the laptop that you noted as previously infected. I will run some of these scanning tools on it. These are both Windows 7 boxes that have shares visible to each other. Perhaps a virus on one is writing across to the other?

OTL Fix
======
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msidt deleted successfully.
C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DealFinder.lnk moved successfully.
C:\ProgramData\pyknfeyt.slj moved successfully.
ADS C:\ProgramData\TEMP:7F80734C deleted successfully.
ADS d:\Users\Allan\Desktop\3c.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\ProgramData\TEMP:8C35AEA7 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Allan
->Temp folder emptied: 17045756 bytes
->Temporary Internet Files folder emptied: 675296891 bytes
->Java cache emptied: 9283755 bytes
->FireFox cache emptied: 318679111 bytes
->Flash cache emptied: 138965 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 125415616 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 48412840 bytes

Total Files Cleaned = 1,139.00 mb


[EMPTYJAVA]

User: All Users

User: Allan
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Allan
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08032012_221406
Files\Folders moved on Reboot...
C:\Users\Allan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Allan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
FSS
===
Farbar Service Scanner Version: 04-08-2012 01
Ran by Allan (administrator) on 03-08-2012 at 22:29:39
Running from "D:\Users\Allan\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

TFC
===
Done.

ESET Online Scanner
=================
C:\ProgramData\{C4A867AE-B15C-4B7F-AD27-7F8C13A57518}\SavevidSetupV2.res Win32/Toolbar.SearchSuite application deleted - quarantined
C:\Qoobox\Quarantine\C\Users\Allan\AppData\Roaming\msidt.dll.vir a variant of Win32/Medfos.BL trojan cleaned by deleting - quarantined
C:\Users\Allan\AppData\Local\{D79099A3-D608-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2011-10-31 200000\Backup Files 2011-11-05 030958\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2011-11-10 205729\Backup Files 2011-11-10 205729\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2011-11-16 200000\Backup Files 2011-11-16 200000\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2011-11-20 200711\Backup Files 2011-11-20 200711\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2011-11-25 200001\Backup Files 2011-11-25 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2011-12-02 212401\Backup Files 2011-12-02 212401\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2011-12-06 213148\Backup Files 2011-12-06 213148\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2011-12-12 220651\Backup Files 2011-12-12 220651\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2011-12-15 200000\Backup Files 2011-12-15 200000\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-01-09 210852\Backup Files 2012-01-09 210852\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-01-15 200001\Backup Files 2012-01-15 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-01-25 200001\Backup Files 2012-01-25 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-01-31 204125\Backup Files 2012-01-31 204125\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-02-08 200001\Backup Files 2012-02-08 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-02-13 200000\Backup Files 2012-02-13 200000\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-02-20 200000\Backup Files 2012-02-20 200000\Backup files 2.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-02-26 200712\Backup Files 2012-02-26 200712\Backup files 2.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-03-07 200001\Backup Files 2012-03-07 200001\Backup files 2.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-03-21 200000\Backup Files 2012-03-21 200000\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-04-01 200001\Backup Files 2012-04-01 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-04-08 202335\Backup Files 2012-04-08 202335\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-04-14 200001\Backup Files 2012-04-14 200001\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-04-25 200001\Backup Files 2012-04-25 200001\Backup files 2.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-05-17 213402\Backup Files 2012-05-17 213402\Backup files 3.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-06-05 203611\Backup Files 2012-06-05 203611\Backup files 3.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\Laptop Backup\CHERYL-PC\Backup Set 2012-06-05 203611\Backup Files 2012-06-15 215330\Backup files 1.zip multiple threats deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 1088.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 1146.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 439.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 443.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 464.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 476.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 491.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 505.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 520.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 535.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 550.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 584.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 612.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 637.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 664.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 690.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 718.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 759.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 788.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 812.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 836.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 868.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 897.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 933.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-11 040000\Backup files 997.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-11 040000\Backup Files 2012-06-16 040000\Backup files 160.zip multiple threats deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 1089.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 1147.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 1183.zip multiple threats deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 440.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 444.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 465.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 477.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 492.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 506.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 521.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 536.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 551.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 585.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 613.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 638.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 665.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 691.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 719.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 760.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 789.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 813.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 837.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 869.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 898.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 934.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-06-19 040001\Backup files 998.zip a variant of Win32/InstallCore.D application deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-07-25 040000\Backup files 1.zip multiple threats deleted - quarantined
F:\PUGET-87649\Backup Set 2012-06-19 040001\Backup Files 2012-08-01 040000\Backup files 1.zip a variant of Win32/Medfos.BL trojan deleted - quarantined
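The FSS output above is plain text, but the findings a helper scans for by eye are specific lines: a firewall policy value set to 0, a Defender policy value set to 1, and a protection service that is stopped with a start type other than its default. As an added example that is not part of this thread and not Farbar's own code, here is a small Python parser over a constructed excerpt of that log format which pulls those indicators out. The section names, registry keys and line wordings are copied from the log as posted; the rule that any `Disable*` value set to non-zero or `Enable*` value set to zero weakens protection is an assumption of this example, not something the tool states.

```python
"""Parse a Farbar Service Scanner (FSS) log and flag weakened-protection indicators.

Added example: the sample below is a constructed, abridged copy of the FSS
sections posted in the thread; nothing here is FSS's own code.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, abridged from the posted FSS log (raw string: backslashes are literal).
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
POLICY_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<value>[0-9A-Fa-f]+)$')
SERVICE_NOT_RUNNING_RE = re.compile(r'^(?P<svc>\S+) Service is not running\.')
START_TYPE_RE = re.compile(
    r'^The start type of (?P<svc>\S+) service is set to (?P<actual>\w+)\.?'
    r'(?: The default start type is (?P<default>\w+)\.?)?'
)
FILE_CHECK_RE = re.compile(r'^(?P<path>.+?) => MD5 is (?P<verdict>.+)$')


@dataclass
class FssReport:
    disabled_policies: list = field(default_factory=list)  # (registry key, value name, value)
    stopped_services: dict = field(default_factory=dict)   # service -> (actual start, default start)
    tampered_files: list = field(default_factory=list)     # paths whose MD5 verdict is not "legit"

    def issues(self):
        """Everything worth escalating, one string per finding."""
        out = [f"policy {name}={value} under {key}" for key, name, value in self.disabled_policies]
        for svc, (actual, default) in self.stopped_services.items():
            detail = f"start type {actual}" + (f" (default {default})" if default else "")
            out.append(f"service {svc} not running, {detail}")
        out += [f"file {path} failed MD5 check" for path in self.tampered_files]
        return out


def parse_fss(text):
    """Walk the log line by line; a registry key line scopes the DWORD lines that follow it."""
    report = FssReport()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current_key = None          # blank line ends a key's value block
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = POLICY_VALUE_RE.match(line)
        if m and current_key:
            name, value = m.group("name"), int(m.group("value"), 16)
            # Assumed heuristic: Disable*=non-zero or Enable*=0 turns a protection off.
            if (name.startswith("Disable") and value != 0) or (name.startswith("Enable") and value == 0):
                report.disabled_policies.append((current_key, name, value))
            continue
        m = SERVICE_NOT_RUNNING_RE.match(line)
        if m:
            report.stopped_services.setdefault(m.group("svc"), (None, None))
            continue
        m = START_TYPE_RE.match(line)
        if m and m.group("svc") in report.stopped_services:
            report.stopped_services[m.group("svc")] = (m.group("actual"), m.group("default"))
            continue
        m = FILE_CHECK_RE.match(line)
        if m and m.group("verdict").strip() != "legit":
            report.tampered_files.append(m.group("path"))
    return report


if __name__ == "__main__":
    for issue in parse_fss(SAMPLE_FSS_LOG).issues():
        print(issue)
```

Run against the constructed sample it reports the two disabled-protection policies and the two stopped services, and an empty tamper list because every file check in the posted log reads "MD5 is legit"; a real log with a differing verdict would land in `tampered_files`.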
 
Sorry...

SecurityCheck
===========
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 21% Defragment your hard drive soon!
````````````````````End of Log``````````````````````
 
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
Is your MSE functional?

===============================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 