Solved Need help removing Win64/sirefef

tmacca · Aug 13, 2012

A little embarrassed to admit this got me last night. I was browsing Amazon when it caught me. Not sure how, and realised as soon as I installed the adobe update I had been duped, but anyway, I would appreciate some help getting rid of it

Microsoft Security Essentials disabled itself, Windows Update stopped working, I couldnt launch task manager etc etc.

My laptop keeps displaying a pop-up telling me that the laptop will restart after one minute.I cannot perform any sort of scan since the laptop keeps restarting. Safe mode works fine though

I have pasted the logs I think you will need?

frst.txt:

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 13-08-2012 20:02:20
Running from G:\
Windows 7 Enterprise (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup [358936 2009-07-15] (Intel Corporation)
HKLM\...\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [VX6000] C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162584 2011-06-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386840 2011-06-21] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417560 2011-06-21] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11227136 2009-07-06] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] "C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon [1107232 2009-07-19] (Infineon Technologies AG)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-04-27] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2009-04-27] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-05-07] (cyberlink)
HKLM-x32\...\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start [358456 2010-04-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CognizanceTS] rundll32.exe C:\PROGRA~2\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule [24832 2010-01-17] (Bioscrypt Inc.)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103576 2012-06-08] (VMware, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\administrator\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\administrator\...\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe -all [x]
HKU\tony\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-12-20] (Google Inc.)
HKU\tony\...\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [5860984 2012-02-20] (SlySoft, Inc.)
HKU\tony\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\tony\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\tony\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59240 2012-02-23] (Apple Inc.)
HKU\tony\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\tony\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2012-02-23] (Apple Inc.)
HKU\tony\...\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" [668944 2012-04-10] (SANDBOXIE L.T.D)
HKU\tony\...\Run: [atdpn] rundll32.exe "C:\Users\tony\AppData\Roaming\atdpn.dll",GotoPosition [162304 2012-08-12] (Crytek)
HKU\tony\...\Run: [dmplmg] "C:\Windows\System32\rundll32.exe" "C:\Users\tony\AppData\Roaming\dmplmg.dll",ThreadsInitialized [474624 2012-08-12] (BitTorrent, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
AppInit_DLLs: C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL
Tcpip\..\Interfaces\{4C43C4B9-7D8E-4350-B5A2-C86EDB711BB5}: [NameServer]192.168.0.1,192.168.0.2
Lsa: [Notification Packages] scecli
ASCredProv64
Startup: C:\Users\administrator\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\tony\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
==================== Services (Whitelisted) ======
2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
2 ASBroker; C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [192768 2010-01-17] (Bioscrypt Inc.)
2 ASChannel; C:\Program Files (x86)\Hewlett-Packard\IAM\bin\AsChnl.dll [150272 2010-01-17] (Bioscrypt Inc.)
3 DMService; C:\Windows\DOWNLO~1\DMService.exe [487824 2012-06-20] (Microsoft Corporation)
3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-10-05] (Hewlett-Packard Ltd)
2 HpFkCryptService; "C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [256616 2010-03-05] (McAfee, Inc.)
2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1107232 2009-07-19] (Infineon Technologies AG)
2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984352 2009-07-19] (Infineon Technologies AG)
2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-15] (Intel Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PersonalSecureDriveService; "C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe" [214304 2009-07-19] (Infineon Technologies AG)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-29] (Trusteer Ltd.)
2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [97552 2012-04-10] (SANDBOXIE L.T.D)
2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-12-19] (Microsoft Corporation)
2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-15] (Intel Corporation)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-05-19] ()
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
========================== Drivers (Whitelisted) =============
3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [497152 2009-05-18] (Analog Devices, Inc.)
3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-01-29] (SlySoft, Inc.)
3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138360 2012-01-29] (SlySoft, Inc.)
3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-09-08] (Hewlett-Packard Development Company L.P.)
3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn.sys [19000 2010-02-24] (Hewlett-Packard Company)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
3 PAC7302; C:\Windows\System32\Drivers\PAC7302.sys [527872 2007-11-08] (PixArt Imaging Inc.)
3 PAC7302; C:\Windows\SysWow64\Drivers\PAC7302.sys [454656 2007-11-08] (PixArt Imaging Inc.)
1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2009-07-19] (Infineon Technologies AG)
1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-08] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-07-29] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-07-29] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-07-29] (Trusteer Ltd.)
3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
3 rismcx64; C:\Windows\System32\Drivers\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [14952 2010-03-05] (SafeBoot International)
0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [55912 2010-03-05] (SafeBoot International)
0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2007-07-16] (SafeBoot N.V.)
0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15464 2010-03-05] (SafeBoot International)
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [164528 2012-04-10] (SANDBOXIE L.T.D)
3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [89600 2007-02-12] (Prolific Technology Inc.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-27] (Duplex Secure Ltd.)
2 VMparport; C:\Windows\System32\Drivers\VMparport.sys [31384 2012-06-08] (VMware, Inc.)
3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation
)
2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-05-07] (CyberLink Corp.)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-08-13 10:52 - 2012-08-13 10:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8EC5BB89CC96809F
2012-08-13 10:49 - 2012-08-13 10:49 - 00000070 ____A C:\Users\tony\Desktop\sirefef.txt
2012-08-13 10:18 - 2012-08-13 10:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.89DF1D46DC7FF6F5
2012-08-13 09:53 - 2012-08-13 09:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.87DC529FB367025F
2012-08-13 09:49 - 2012-08-13 09:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CADB10F71D3C7DFE
2012-08-13 09:47 - 2012-08-13 09:47 - 00277368 ____A C:\Windows\Minidump\081312-22604-01.dmp
2012-08-13 09:44 - 2012-08-13 09:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96769962702029E5
2012-08-13 09:41 - 2012-08-13 09:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DD0CF8451C7E2577
2012-08-13 09:38 - 2012-08-13 09:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7C243ACFBCA2AB0
2012-08-13 09:34 - 2012-08-13 09:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1B0782A6B18A8870
2012-08-13 09:31 - 2012-08-13 09:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.281279862548F519
2012-08-13 09:27 - 2012-08-13 09:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58D35FBBE24D16F5
2012-08-13 09:24 - 2012-08-13 09:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DCA81C2B58CB7B9
2012-08-13 09:22 - 2012-08-13 09:22 - 00277368 ____A C:\Windows\Minidump\081312-22557-02.dmp
2012-08-13 09:20 - 2012-08-13 09:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AC86DE813D3524E
2012-08-13 09:16 - 2012-08-13 09:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D598EDF38F8FBE98
2012-08-13 09:13 - 2012-08-13 09:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1558BA4065F5D8B9
2012-08-13 09:10 - 2012-08-13 09:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2DCC255C0DAD37CE
2012-08-13 09:06 - 2012-08-13 09:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.139CEDADEDE5F004
2012-08-13 09:03 - 2012-08-13 09:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.316AD5A7234A9231
2012-08-13 09:00 - 2012-08-13 09:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA6007BD3303683A
2012-08-13 08:58 - 2012-08-13 08:58 - 00277368 ____A C:\Windows\Minidump\081312-22573-01.dmp
2012-08-13 08:55 - 2012-08-13 08:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83569D544CBAD205
2012-08-13 08:52 - 2012-08-13 08:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3058733D6FDE5976
2012-08-13 08:49 - 2012-08-13 08:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4732BDA16FECB3B0
2012-08-13 08:45 - 2012-08-13 08:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6E7291831023B54A
2012-08-13 08:42 - 2012-08-13 08:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.061F4EBB4442F69E
2012-08-13 08:40 - 2012-08-13 08:40 - 00277368 ____A C:\Windows\Minidump\081312-22682-01.dmp
2012-08-13 08:38 - 2012-08-13 08:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.11147D22D6F6116B
2012-08-13 08:36 - 2012-08-13 08:36 - 00277368 ____A C:\Windows\Minidump\081312-22479-01.dmp
2012-08-13 08:33 - 2012-08-13 08:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E367C6DAE0A7E22
2012-08-13 08:30 - 2012-08-13 08:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33A70F179AC6721B
2012-08-13 08:27 - 2012-08-13 08:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C0F6BAC81441A5
2012-08-13 08:25 - 2012-08-13 08:25 - 00277368 ____A C:\Windows\Minidump\081312-22557-01.dmp
2012-08-13 08:22 - 2012-08-13 08:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBF85E7574E8270E
2012-08-13 08:19 - 2012-08-13 08:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5EA9A1972E3E12E
2012-08-13 08:17 - 2012-08-13 08:17 - 00277368 ____A C:\Windows\Minidump\081312-22651-01.dmp
2012-08-13 08:15 - 2012-08-13 08:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB852EB137BE97DE
2012-08-12 14:45 - 2012-08-12 14:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FD52826D4F3B679
2012-08-12 14:25 - 2012-08-12 14:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AAC12AA6A025A9E6
2012-08-12 14:22 - 2012-08-12 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AE77015A856B18B
2012-08-12 14:18 - 2012-08-12 14:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.146F804316016965
2012-08-12 14:13 - 2012-08-12 14:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63C3662FCF329286
2012-08-12 14:07 - 2012-08-12 14:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D286AE7979B6DAE
2012-08-12 14:03 - 2012-08-12 14:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9DF44002BF3E67B
2012-08-12 13:57 - 2012-08-12 13:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3778643EBAEFF046
2012-08-12 13:52 - 2012-08-12 13:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD1BFB014FA86050
2012-08-12 13:46 - 2012-08-12 13:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1DCF8D5D972341BE
2012-08-12 13:28 - 2012-08-12 13:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-12 13:28 - 2012-08-12 13:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-12 12:59 - 2012-08-12 12:59 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-08-12 12:58 - 2012-08-12 13:04 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-12 12:53 - 2012-08-12 12:53 - 01144963 ____A C:\Users\tony\Desktop\ProcessExplorer.zip
2012-08-12 12:39 - 2012-08-12 12:39 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-12 12:36 - 2012-08-12 12:37 - 00000000 ____D C:\Users\All Users\0C1CFB13000D001A3518CADFF875EF60
2012-08-12 12:36 - 2012-08-12 12:36 - 00474624 ____A (BitTorrent, Inc.) C:\Users\tony\AppData\Roaming\dmplmg.dll
2012-08-12 12:36 - 2012-08-12 12:36 - 00000000 ____D C:\Users\tony\AppData\Local\{7324E2D1-E4BD-11E1-8270-B8AC6F996F26}
2012-08-12 12:35 - 2012-08-12 12:35 - 00162304 __ASH (Crytek) C:\Users\tony\AppData\Roaming\atdpn.dll
2012-08-12 12:35 - 2012-08-12 12:35 - 00000000 ____D C:\Users\tony\AppData\Roaming\Zufe
2012-08-11 22:54 - 2012-08-11 22:54 - 00277392 ____A C:\Windows\Minidump\081212-23072-01.dmp
2012-07-23 12:27 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-23 12:24 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-23 12:24 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-23 12:24 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-23 12:24 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-23 12:24 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-23 12:24 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-23 12:24 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-23 12:24 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-23 12:24 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-23 12:24 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-23 12:24 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-23 12:24 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-23 12:24 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-23 12:24 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-23 12:24 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-23 12:24 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-23 12:24 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-23 12:24 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-23 12:24 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-23 12:24 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-23 12:24 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-23 12:24 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-23 12:24 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-23 12:24 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-23 12:24 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-23 12:24 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-23 12:23 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-23 12:23 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-23 12:13 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-23 12:13 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-23 12:13 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-23 12:13 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-23 12:13 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-23 12:13 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-23 12:13 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-23 12:13 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-23 12:13 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-23 12:13 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-23 12:13 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-23 12:13 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-23 12:13 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-23 12:12 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-23 12:12 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-23 12:12 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-23 12:12 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-23 12:12 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-23 12:12 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

============ 3 Months Modified Files ========================
2012-08-13 10:54 - 2010-05-26 10:09 - 00000144 ____A C:\Windows\System32\config\netlogon.ftl
2012-08-13 10:52 - 2012-08-13 10:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8EC5BB89CC96809F
2012-08-13 10:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-13 10:51 - 2009-07-13 20:51 - 00099713 ____A C:\Windows\setupact.log
2012-08-13 10:49 - 2012-08-13 10:49 - 00000070 ____A C:\Users\tony\Desktop\sirefef.txt
2012-08-13 10:18 - 2012-08-13 10:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.89DF1D46DC7FF6F5
2012-08-13 09:53 - 2012-08-13 09:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.87DC529FB367025F
2012-08-13 09:49 - 2012-08-13 09:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CADB10F71D3C7DFE
2012-08-13 09:47 - 2012-08-13 09:47 - 00277368 ____A C:\Windows\Minidump\081312-22604-01.dmp
2012-08-13 09:47 - 2010-08-31 10:02 - 310577905 ____A C:\Windows\MEMORY.DMP
2012-08-13 09:47 - 2010-05-28 10:11 - 00044618 ____A C:\Windows\PFRO.log
2012-08-13 09:44 - 2012-08-13 09:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96769962702029E5
2012-08-13 09:41 - 2012-08-13 09:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DD0CF8451C7E2577
2012-08-13 09:41 - 2010-08-29 01:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-13 09:38 - 2012-08-13 09:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7C243ACFBCA2AB0
2012-08-13 09:34 - 2012-08-13 09:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1B0782A6B18A8870
2012-08-13 09:31 - 2012-08-13 09:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.281279862548F519
2012-08-13 09:27 - 2012-08-13 09:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58D35FBBE24D16F5
2012-08-13 09:24 - 2012-08-13 09:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8DCA81C2B58CB7B9
2012-08-13 09:22 - 2012-08-13 09:22 - 00277368 ____A C:\Windows\Minidump\081312-22557-02.dmp
2012-08-13 09:20 - 2012-08-13 09:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AC86DE813D3524E
2012-08-13 09:16 - 2012-08-13 09:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D598EDF38F8FBE98
2012-08-13 09:13 - 2012-08-13 09:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1558BA4065F5D8B9
2012-08-13 09:10 - 2012-08-13 09:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2DCC255C0DAD37CE
2012-08-13 09:06 - 2012-08-13 09:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.139CEDADEDE5F004
2012-08-13 09:03 - 2012-08-13 09:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.316AD5A7234A9231
2012-08-13 09:00 - 2012-08-13 09:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BA6007BD3303683A
2012-08-13 08:58 - 2012-08-13 08:58 - 00277368 ____A C:\Windows\Minidump\081312-22573-01.dmp
2012-08-13 08:55 - 2012-08-13 08:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83569D544CBAD205
2012-08-13 08:52 - 2012-08-13 08:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3058733D6FDE5976
2012-08-13 08:49 - 2012-08-13 08:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4732BDA16FECB3B0
2012-08-13 08:45 - 2012-08-13 08:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6E7291831023B54A
2012-08-13 08:42 - 2012-08-13 08:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.061F4EBB4442F69E
2012-08-13 08:40 - 2012-08-13 08:40 - 00277368 ____A C:\Windows\Minidump\081312-22682-01.dmp
2012-08-13 08:38 - 2012-08-13 08:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.11147D22D6F6116B
2012-08-13 08:36 - 2012-08-13 08:36 - 00277368 ____A C:\Windows\Minidump\081312-22479-01.dmp
2012-08-13 08:33 - 2012-08-13 08:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E367C6DAE0A7E22
2012-08-13 08:30 - 2012-08-13 08:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33A70F179AC6721B
2012-08-13 08:27 - 2012-08-13 08:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20C0F6BAC81441A5
2012-08-13 08:25 - 2012-08-13 08:25 - 00277368 ____A C:\Windows\Minidump\081312-22557-01.dmp
2012-08-13 08:22 - 2012-08-13 08:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBF85E7574E8270E
2012-08-13 08:19 - 2012-08-13 08:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5EA9A1972E3E12E
2012-08-13 08:17 - 2012-08-13 08:17 - 00277368 ____A C:\Windows\Minidump\081312-22651-01.dmp
2012-08-13 08:15 - 2012-08-13 08:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DB852EB137BE97DE
2012-08-12 14:45 - 2012-08-12 14:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FD52826D4F3B679
2012-08-12 14:42 - 2010-08-29 01:29 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-12 14:25 - 2012-08-12 14:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AAC12AA6A025A9E6
2012-08-12 14:22 - 2012-08-12 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AE77015A856B18B
2012-08-12 14:18 - 2012-08-12 14:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.146F804316016965
2012-08-12 14:13 - 2012-08-12 14:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63C3662FCF329286
2012-08-12 14:08 - 2012-04-02 10:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-12 14:07 - 2012-08-12 14:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D286AE7979B6DAE
2012-08-12 14:03 - 2012-08-12 14:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9DF44002BF3E67B
2012-08-12 13:57 - 2012-08-12 13:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3778643EBAEFF046
2012-08-12 13:52 - 2012-08-12 13:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CD1BFB014FA86050
2012-08-12 13:46 - 2012-08-12 13:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1DCF8D5D972341BE
2012-08-12 13:29 - 2011-01-26 14:46 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-12 13:29 - 2010-05-26 09:39 - 01267499 ____A C:\Windows\WindowsUpdate.log
2012-08-12 13:28 - 2010-07-31 15:53 - 00796738 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-12 13:24 - 2009-07-13 20:45 - 00017312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-12 13:24 - 2009-07-13 20:45 - 00017312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-12 12:53 - 2012-08-12 12:53 - 01144963 ____A C:\Users\tony\Desktop\ProcessExplorer.zip
2012-08-12 12:36 - 2012-08-12 12:36 - 00474624 ____A (BitTorrent, Inc.) C:\Users\tony\AppData\Roaming\dmplmg.dll
2012-08-12 12:35 - 2012-08-12 12:35 - 00162304 __ASH (Crytek) C:\Users\tony\AppData\Roaming\atdpn.dll
2012-08-12 12:09 - 2010-05-26 13:24 - 00001940 ____A C:\Windows\Sandboxie.ini
2012-08-12 02:17 - 2010-12-20 10:40 - 00002000 ____A C:\Users\tony\Documents\Default.rdp
2012-08-11 22:54 - 2012-08-11 22:54 - 00277392 ____A C:\Windows\Minidump\081212-23072-01.dmp
2012-08-08 13:42 - 2012-02-03 15:59 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-03 09:08 - 2012-04-02 10:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-03 09:08 - 2011-05-17 13:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-01 10:42 - 2009-07-13 21:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-29 11:52 - 2012-04-15 01:51 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2012-07-23 12:33 - 2009-07-13 20:45 - 00416720 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-23 12:24 - 2010-05-27 11:05 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-20 10:47 - 2012-06-17 04:41 - 00002021 ____A C:\Users\tony\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-01 11:14 - 2012-07-01 11:14 - 00866923 ____A C:\Users\tony\Downloads\MPCleaner.mpe1
2012-06-27 22:03 - 2012-06-27 22:03 - 00277448 ____A C:\Windows\Minidump\062812-22682-01.dmp
2012-06-23 22:03 - 2012-06-23 22:03 - 00277464 ____A C:\Windows\Minidump\062412-22978-01.dmp
2012-06-23 10:58 - 2010-07-16 09:58 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-22 08:06 - 2012-06-09 01:07 - 00001192 ____A C:\Users\Public\Desktop\My LastPass Vault.lnk
2012-06-21 09:33 - 2012-06-21 09:33 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-21 09:24 - 2012-06-21 09:24 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-20 08:58 - 2012-06-20 08:58 - 00277448 ____A C:\Windows\Minidump\062012-22666-01.dmp
2012-06-17 05:21 - 2012-06-17 04:42 - 00000154 ____A C:\Users\tony\AppData\Roaming\Rim.Transcoder.Exception.log
2012-06-17 05:21 - 2012-06-17 04:42 - 00000154 ____A C:\Users\tony\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-06-17 05:21 - 2012-06-17 04:42 - 00000154 ____A C:\Users\tony\AppData\Roaming\Rim.Desktop.Exception.log
2012-06-17 05:16 - 2012-06-17 04:42 - 00009216 ____A C:\Users\tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-17 04:47 - 2009-07-13 21:13 - 00791130 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-17 04:45 - 2012-06-17 04:45 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-06-17 04:36 - 2012-06-17 04:36 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-06-14 23:09 - 2012-06-14 23:09 - 00002135 ____A C:\Users\Public\Desktop\VMware Workstation.lnk
2012-06-12 22:50 - 2012-06-12 22:50 - 00277392 ____A C:\Windows\Minidump\061312-22807-01.dmp
2012-06-12 11:56 - 2012-06-12 11:56 - 00277392 ____A C:\Windows\Minidump\061212-23415-01.dmp
2012-06-11 19:08 - 2012-07-23 12:27 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 12:06 - 2012-06-11 12:06 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-06-11 11:43 - 2012-06-11 11:43 - 00277392 ____A C:\Windows\Minidump\061112-22386-01.dmp
2012-06-10 13:30 - 2011-11-16 13:31 - 00001017 ____A C:\Users\tony\Desktop\Dropbox.lnk
2012-06-08 21:43 - 2012-07-23 12:13 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-23 12:13 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 17:29 - 2012-06-14 23:09 - 00942744 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-06-08 17:29 - 2012-06-14 23:09 - 00063128 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-06-08 17:29 - 2012-06-14 23:09 - 00031384 ____A (VMware, Inc.) C:\Windows\System32\Drivers\VMparport.sys
2012-06-08 17:28 - 2012-06-14 23:09 - 00433816 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-06-08 17:28 - 2012-06-14 23:09 - 00354456 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-06-08 17:27 - 2012-06-14 23:09 - 00030360 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-06-08 15:29 - 2012-06-08 15:29 - 00252056 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnc.dll
2012-06-08 14:52 - 2012-06-08 14:52 - 00062064 ____A (VMware, Inc.) C:\Windows\System32\vmnetbridge.dll
2012-06-08 14:52 - 2012-06-08 14:52 - 00048752 ____A (VMware, Inc.) C:\Windows\System32\vnetinst.dll
2012-06-08 14:52 - 2012-06-08 14:52 - 00045680 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetbridge.sys
2012-06-08 14:52 - 2012-06-08 14:52 - 00024176 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnet.sys
2012-06-08 14:52 - 2012-06-08 14:52 - 00020080 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetadapter.sys
2012-06-07 09:37 - 2012-06-07 09:37 - 00277392 ____A C:\Windows\Minidump\060712-23088-01.dmp
2012-06-05 22:06 - 2012-07-23 12:13 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-23 12:13 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-23 12:13 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-23 12:13 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-23 12:13 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-23 12:13 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-09 20:29 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-09 20:29 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-09 20:29 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-09 20:29 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-09 20:29 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-09 20:29 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-09 20:29 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-09 20:29 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-09 20:29 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-23 12:24 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-23 12:23 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-23 12:24 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-23 12:24 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-23 12:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-23 12:24 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-23 12:24 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-23 12:24 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-23 12:24 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-23 12:24 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-23 12:24 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-23 12:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-23 12:24 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-23 12:24 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-23 12:24 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-23 12:23 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-23 12:24 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-23 12:24 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-23 12:24 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-23 12:24 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-23 12:24 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-23 12:24 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-23 12:24 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-23 12:24 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-23 12:24 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-23 12:24 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-23 12:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-23 12:24 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-23 12:13 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-23 12:12 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-23 12:12 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-23 12:13 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-23 12:13 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-23 12:12 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-23 12:12 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-23 12:12 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-23 12:12 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 14:05 - 2012-06-01 14:00 - 4239261696 ____A C:\iobw.tst
2012-06-01 14:05 - 2012-06-01 14:00 - 00000186 ____A C:\Users\tony\Documents\results.csv
2012-06-01 13:43 - 2012-06-01 13:31 - 491232944 ____A (VMware, Inc.) C:\Users\tony\Downloads\VMware-workstation-full-8.0.3-703057.exe
2012-06-01 10:40 - 2012-06-01 10:40 - 00000857 ____A C:\Users\tony\Desktop\putty.exe - Shortcut.lnk
2012-05-31 09:56 - 2012-05-31 09:56 - 00277408 ____A C:\Windows\Minidump\053112-22838-01.dmp
2012-05-28 09:45 - 2012-05-28 09:45 - 00277392 ____A C:\Windows\Minidump\052812-23025-01.dmp
2012-05-25 09:38 - 2012-05-25 09:38 - 00277392 ____A C:\Windows\Minidump\052512-22854-01.dmp
2012-05-19 23:45 - 2010-11-21 07:01 - 00001024 ____A C:\.rnd
2012-05-19 11:30 - 2011-03-05 07:36 - 00007615 ____A C:\Users\tony\AppData\Local\Resmon.ResmonCfg
ZeroAccess:
C:\Windows\Installer\{592c8187-54b0-9145-c804-6140afd6967a}
C:\Windows\Installer\{592c8187-54b0-9145-c804-6140afd6967a}\@
C:\Windows\Installer\{592c8187-54b0-9145-c804-6140afd6967a}\L
C:\Windows\Installer\{592c8187-54b0-9145-c804-6140afd6967a}\n
C:\Windows\Installer\{592c8187-54b0-9145-c804-6140afd6967a}\U
C:\Windows\Installer\{592c8187-54b0-9145-c804-6140afd6967a}\U\00000001.@
C:\Windows\Installer\{592c8187-54b0-9145-c804-6140afd6967a}\U\80000000.@
C:\Windows\Installer\{592c8187-54b0-9145-c804-6140afd6967a}\U\800000cb.@
ZeroAccess:
C:\Users\tony\AppData\Local\{592c8187-54b0-9145-c804-6140afd6967a}
C:\Users\tony\AppData\Local\{592c8187-54b0-9145-c804-6140afd6967a}\@
C:\Users\tony\AppData\Local\{592c8187-54b0-9145-c804-6140afd6967a}\L
C:\Users\tony\AppData\Local\{592c8187-54b0-9145-c804-6140afd6967a}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 31%
Total physical RAM: 1910.27 MB
Available physical RAM: 1303.97 MB
Total Pagefile: 1910.27 MB
Available Pagefile: 1301.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:221.97 GB) (Free:12.21 GB) NTFS
2 Drive e: (HP_TOOLS) (Fixed) (Total:1.5 GB) (Free:1.5 GB) FAT32
4 Drive g: (CORSAIR) (Removable) (Total:29.85 GB) (Free:29.66 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 223 GB 0 B
Disk 1 Online 29 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 221 GB 101 MB
Partition 3 Primary 1540 MB 222 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 221 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_TOOLS FAT32 Partition 1540 MB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 31 KB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G CORSAIR NTFS Removable 29 GB Healthy
==================================================================================
Last Boot: 2012-08-06 22:10
======================= End Of Log ==========================

tmacca · Aug 13, 2012

search.txt

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-13 20:06:07
Running from G:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======

Broni · Aug 13, 2012

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

Please post BOTH logs, rKill.txt and Combofix.txt.

tmacca · Aug 15, 2012

If I managed to get combofix to run, do I still need to run rkill?

Heres is the output from combofix

ComboFix 12-08-13.01 - tony 14/08/2012 7:14.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.1910.610 [GMT 1:00]
Running from: c:\users\tony\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0C1CFB13000D001A3518CADFF875EF60
c:\programdata\0C1CFB13000D001A3518CADFF875EF60\0C1CFB13000D001A3518CADFF875EF60
c:\programdata\0C1CFB13000D001A3518CADFF875EF60\0C1CFB13000D001A3518CADFF875EF60.exe
c:\programdata\0C1CFB13000D001A3518CADFF875EF60\0C1CFB13000D001A3518CADFF875EF60.ico
c:\users\tony\AppData\Roaming\dmplmg.dll
c:\users\tony\AppData\Roaming\Zufe
c:\users\tony\AppData\Roaming\Zufe\woheu.end
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-14 04:02 . 2012-08-14 04:02 -------- d-----w- C:\FRST
2012-08-13 20:30 . 2012-08-13 20:30 328704 ----a-w- c:\windows\system32\services.exe.FF77F9481095010C
2012-08-13 20:28 . 2012-07-16 01:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0E4CB49-2482-4280-AF22-9666F31D929A}\mpengine.dll
2012-08-13 20:22 . 2012-08-13 20:22 328704 ----a-w- c:\windows\system32\services.exe.D1543B5280B5162A
2012-08-13 19:19 . 2012-08-13 19:19 328704 ----a-w- c:\windows\system32\services.exe.7C734DF7894477D5
2012-08-13 19:14 . 2012-08-13 19:14 328704 ----a-w- c:\windows\system32\services.exe.AA89ECA94A1B3D6C
2012-08-12 21:30 . 2012-02-09 13:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B833592-0FBF-44FE-B828-36510524C0B8}\gapaengine.dll
2012-08-12 21:28 . 2012-08-12 21:28 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-12 21:28 . 2012-08-12 21:28 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-12 20:59 . 2012-08-12 20:59 -------- d-----w- c:\program files\Enigma Software Group
2012-08-12 20:58 . 2012-08-12 21:04 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-12 20:58 . 2012-08-12 20:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-12 20:39 . 2012-08-12 20:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-12 20:36 . 2012-08-12 20:36 -------- d-----w- c:\users\tony\AppData\Local\{7324E2D1-E4BD-11E1-8270-B8AC6F996F26}
2012-07-23 20:27 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-23 20:23 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-23 20:12 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-23 20:12 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-23 20:12 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-23 20:12 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-23 20:12 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-23 20:12 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-21 11:41 . 2012-08-03 19:41 -------- d-----w- C:\music
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 17:08 . 2012-04-02 18:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 17:08 . 2011-05-17 21:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-29 19:52 . 2012-04-15 09:51 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-07-23 20:24 . 2010-05-27 19:05 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-22 16:06 . 2012-06-09 09:07 6221896 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2012-06-09 01:29 . 2012-06-15 07:09 942744 ----a-w- c:\windows\system32\vnetlib64.dll
2012-06-09 01:29 . 2012-06-15 07:09 63128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-06-09 01:29 . 2012-06-15 07:09 31384 ----a-w- c:\windows\system32\drivers\VMparport.sys
2012-06-09 01:28 . 2012-06-15 07:09 433816 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-06-09 01:28 . 2012-06-15 07:09 354456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-06-09 01:27 . 2012-06-15 07:09 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-06-08 23:29 . 2012-06-08 23:29 252056 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-06-08 22:52 . 2012-06-08 22:52 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-06-08 22:52 . 2012-06-08 22:52 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-06-08 22:52 . 2012-06-08 22:52 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-06-08 22:52 . 2012-06-08 22:52 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-06-08 22:52 . 2012-06-08 22:52 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-06-02 22:19 . 2012-06-10 04:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-10 04:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-10 04:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-10 04:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-10 04:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-10 04:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-10 04:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-10 04:29 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-10 04:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-21 20:14 . 2012-05-21 20:14 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-20 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-02-20 5860984]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 668944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-07-06 11227136]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-07-19 1107232]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"PTHOSTTR"="c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2010-04-13 358456]
"CognizanceTS"="c:\progra~2\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2010-01-18 24832]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-06-09 103576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-6-9 6221896]
.
c:\users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\tony\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-10-05 17:43 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-09-08 40760]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2012-06-20 487824]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-10-05 362040]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2143600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-11 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 101688]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-27 834544]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-07-19 44576]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-09 397720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 297240]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/05 21:01];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-05-07 20:05 146928]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2009-07-29 1841912]
S2 HpFkCryptService;Drive Encryption Service;c:\program files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-03-05 256616]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-07-06 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 976728]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-12-19 150928]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-15 2058776]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-06-09 11839488]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-03-01 549888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-02-01 7675392]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Bioscrypt REG_MULTI_SZ ASChannel
Cognizance REG_MULTI_SZ ASBroker
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:08]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 09:29]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 09:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EA99306-BC87-4930-9E1D-1D1EA32A7E4E}]
2010-01-18 05:06 568064 ----a-w- c:\program files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 417560]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF29980.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bbc.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\tony\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\tony\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: macartney.test\citrix-01
Trusted Zone: qm-g.com\qcag
Trusted Zone: thetrainline.com\www
TCP: DhcpNameServer = 192.168.0.2 192.168.0.1
TCP: Interfaces\{4C43C4B9-7D8E-4350-B5A2-C86EDB711BB5}: NameServer = 192.168.0.1,192.168.0.2
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://192.168.0.150/JpegInst.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\b9y96jpt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nzbsrus.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - user.js: extensions.BabylonToolbar_i.id - acd5cd3c00000000000000247ef38618
FF - user.js: extensions.BabylonToolbar_i.hardId - acd5cd3c00000000000000247ef38618
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15381
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-dmplmg - c:\users\tony\AppData\Roaming\dmplmg.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-2530199532.go.sky.com - c:\program files (x86)\Microsoft Silverlight\5.0.61118.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Hewlett-Packard\IAM\bin\AsGHost.exe
.
**************************************************************************
.
Completion time: 2012-08-15 06:39:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 05:39
.
Pre-Run: 11,232,407,552 bytes free
Post-Run: 13,788,323,840 bytes free
.
- - End Of File - - 0D8A26DC065A4B46E9B8CB9B91FD7B02

Broni · Aug 15, 2012

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

File::
c:\windows\system32\services.exe.FF77F9481095010C
c:\windows\system32\services.exe.D1543B5280B5162A
c:\windows\system32\services.exe.7C734DF7894477D5
c:\windows\system32\services.exe.AA89ECA94A1B3D6C


DDS::
Trusted Zone: macartney.test\citrix-01
Trusted Zone: qm-g.com\qcag
Trusted Zone: thetrainline.com\www

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

tmacca · Aug 15, 2012

I really do appreciate all your help with this! Laptop seems much more stable now, it isn't rebooting every minute!

Combofix run as requested. Log output below:

ComboFix 12-08-15.01 - tony 15/08/2012 20:00:08.2.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.1910.534 [GMT 1:00]
Running from: c:\users\tony\Desktop\ComboFix.exe
Command switches used :: c:\users\tony\Desktop\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\services.exe.7C734DF7894477D5"
"c:\windows\system32\services.exe.AA89ECA94A1B3D6C"
"c:\windows\system32\services.exe.D1543B5280B5162A"
"c:\windows\system32\services.exe.FF77F9481095010C"
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 19:08 . 2012-08-15 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 19:08 . 2012-08-15 19:08 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-08-15 05:49 . 2012-07-16 01:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74303B64-1702-4025-BC2E-7DB0343D5B7A}\mpengine.dll
2012-08-14 04:02 . 2012-08-14 04:02 -------- d-----w- C:\FRST
2012-08-13 20:30 . 2012-08-13 20:30 328704 ----a-w- c:\windows\system32\services.exe.FF77F9481095010C
2012-08-13 20:22 . 2012-08-13 20:22 328704 ----a-w- c:\windows\system32\services.exe.D1543B5280B5162A
2012-08-13 19:19 . 2012-08-13 19:19 328704 ----a-w- c:\windows\system32\services.exe.7C734DF7894477D5
2012-08-13 19:14 . 2012-08-13 19:14 328704 ----a-w- c:\windows\system32\services.exe.AA89ECA94A1B3D6C
2012-08-12 21:30 . 2012-02-09 13:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B833592-0FBF-44FE-B828-36510524C0B8}\gapaengine.dll
2012-08-12 21:28 . 2012-08-12 21:28 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-12 21:28 . 2012-08-12 21:28 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-12 20:59 . 2012-08-12 20:59 -------- d-----w- c:\program files\Enigma Software Group
2012-08-12 20:58 . 2012-08-12 21:04 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-12 20:58 . 2012-08-12 20:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-12 20:39 . 2012-08-12 20:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-12 20:36 . 2012-08-12 20:36 -------- d-----w- c:\users\tony\AppData\Local\{7324E2D1-E4BD-11E1-8270-B8AC6F996F26}
2012-07-23 20:27 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-23 20:23 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-23 20:12 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-23 20:12 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-23 20:12 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-23 20:12 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-23 20:12 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-23 20:12 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-21 11:41 . 2012-08-03 19:41 -------- d-----w- C:\music
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 06:08 . 2012-04-02 18:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 06:08 . 2011-05-17 21:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-29 19:52 . 2012-04-15 09:51 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-07-23 20:24 . 2010-05-27 19:05 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-22 16:06 . 2012-06-09 09:07 6221896 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2012-06-09 01:29 . 2012-06-15 07:09 942744 ----a-w- c:\windows\system32\vnetlib64.dll
2012-06-09 01:29 . 2012-06-15 07:09 63128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-06-09 01:29 . 2012-06-15 07:09 31384 ----a-w- c:\windows\system32\drivers\VMparport.sys
2012-06-09 01:28 . 2012-06-15 07:09 433816 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-06-09 01:28 . 2012-06-15 07:09 354456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-06-09 01:27 . 2012-06-15 07:09 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-06-08 23:29 . 2012-06-08 23:29 252056 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-06-08 22:52 . 2012-06-08 22:52 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-06-08 22:52 . 2012-06-08 22:52 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-06-08 22:52 . 2012-06-08 22:52 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-06-08 22:52 . 2012-06-08 22:52 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-06-08 22:52 . 2012-06-08 22:52 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-06-02 22:19 . 2012-06-10 04:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-10 04:29 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-10 04:29 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-10 04:29 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-10 04:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-10 04:29 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-10 04:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-10 04:29 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-10 04:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-21 20:14 . 2012-05-21 20:14 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_05.36.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-15 05:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-15 18:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-15 05:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 18:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 18:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 05:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-26 19:51 . 2012-08-15 18:58 75554 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-08-14 06:09 55576 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-15 18:58 55576 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-26 21:11 . 2012-08-15 18:42 20742 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1337370660-1655620044-158343729-1119_UserData.bin
+ 2009-07-14 04:46 . 2012-08-15 05:54 84184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-08-15 18:55 . 2012-08-15 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 05:35 . 2012-08-15 05:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 05:35 . 2012-08-15 05:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 18:55 . 2012-08-15 18:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 06:08 . 2012-08-15 06:08 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-15 06:08 . 2012-08-15 06:08 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
- 2012-04-02 18:06 . 2012-08-03 17:08 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-02 18:06 . 2012-08-15 06:08 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-07-14 02:36 . 2012-08-14 06:15 672746 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-15 19:04 672746 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-15 19:04 128816 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-14 06:15 128816 c:\windows\system32\perfc009.dat
+ 2012-08-15 06:08 . 2012-08-15 06:08 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
+ 2012-08-15 06:08 . 2012-08-15 06:08 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll
- 2010-05-26 17:41 . 2012-08-14 06:03 114688 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-26 17:41 . 2012-08-15 06:08 114688 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-14 06:03 966656 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 06:08 966656 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:01 . 2012-08-14 06:26 386464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-15 18:55 386464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-26 17:41 . 2012-08-14 06:03 1949696 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-26 17:41 . 2012-08-15 06:08 1949696 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-30 22:07 . 2012-08-15 18:55 4146638 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1337370660-1655620044-158343729-1119-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-20 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-02-20 5860984]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 668944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-07-06 11227136]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2009-07-19 1107232]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"PTHOSTTR"="c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2010-04-13 358456]
"CognizanceTS"="c:\progra~2\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2010-01-18 24832]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-06-09 103576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-6-9 6221896]
.
c:\users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\tony\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-10-05 17:43 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\HEWLET~1\IAM\Bin\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-06-09 11839488]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-09-08 40760]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [2012-06-20 487824]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-10-05 362040]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2010-05-20 2143600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-11 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-29 101688]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-27 834544]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-07-19 44576]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-09 397720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-29 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-29 297240]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/05 21:01];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-05-07 20:05 146928]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2009-07-29 1841912]
S2 HpFkCryptService;Drive Encryption Service;c:\program files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-03-05 256616]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-07-06 77824]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-29 976728]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2010-12-19 150928]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-15 2058776]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-03-01 549888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-02-01 7675392]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2009-07-20 59008]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Bioscrypt REG_MULTI_SZ ASChannel
Cognizance REG_MULTI_SZ ASBroker
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:08]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 09:29]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-29 09:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EA99306-BC87-4930-9E1D-1D1EA32A7E4E}]
2010-01-18 05:06 568064 ----a-w- c:\program files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\tony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 417560]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll c:\progra~2\HEWLET~1\IAM\Bin\APSHook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bbc.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\tony\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\tony\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.2 192.168.0.1
TCP: Interfaces\{4C43C4B9-7D8E-4350-B5A2-C86EDB711BB5}: NameServer = 192.168.0.1,192.168.0.2
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://192.168.0.150/JpegInst.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\b9y96jpt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nzbsrus.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - user.js: extensions.BabylonToolbar_i.id - acd5cd3c00000000000000247ef38618
FF - user.js: extensions.BabylonToolbar_i.hardId - acd5cd3c00000000000000247ef38618
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15381
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-15 20:10:22
ComboFix-quarantined-files.txt 2012-08-15 19:10
.
Pre-Run: 13,354,037,248 bytes free
Post-Run: 13,185,851,392 bytes free
.
- - End Of File - - 9F828E6FF93490F9EACF00CB546353C3

Broni · Aug 15, 2012

Good

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

tmacca · Aug 15, 2012

Well, do you think everything now looks good according to this?

Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/15/2012 08:38:58 PM in x64 mode.
Windows Version: Windows 7
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!

Performing miscellaneous checks.
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Restarting Explorer.exe in order to apply changes.
Program finished at: 08/15/2012 08:39:50 PM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)

Broni · Aug 15, 2012

Looks good

Any current issues?

==============================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

tmacca · Aug 16, 2012

Extras.txt:
OTL Extras logfile created on: 16/08/2012 21:28:58 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\tony\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 30.87% Memory free
3.73 Gb Paging File | 1.64 Gb Available in Paging File | 43.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.97 Gb Total Space | 46.43 Gb Free Space | 20.92% Space Free | Partition Type: NTFS

Computer Name: TONY-LAPTOP | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
"{424E8E17-A7B7-45B5-8C79-D58F04D9D920}" = HP Photosmart 5510 series Basic Device Software
"{4599ECEA-44C6-418C-9F66-9AAF5561CBDC}" = Embedded Security for HP ProtectTools
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94198F92-0C11-40FB-ADAD-D033C85D4D74}" = Drive Encryption for HP ProtectTools
"{98DE7960-458C-4104-90E9-910389C81AC9}" = VmciSockets
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HECI" = Intel(R) Management Engine Interface
"LSI Soft Modem" = LSI HDA Modem
"MediaInfo" = MediaInfo 0.7.56
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"PROSet" = Intel(R) Network Connections Drivers
"Sandboxie" = Sandboxie 3.68 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{107C666F-63C5-4263-8D40-8B9CFB5FED08}" = Microsoft Robocopy GUI
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A852479-9040-48A4-8AEC-937ED8C1A26F}" = Citrix Access Gateway Administration Tool
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31EE5E44-4193-4B6E-A2FE-FBB109674A0D}" = VMware vCenter Converter Client 4.2.1
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E8E3D7B-B20D-4FD6-9E72-A84BAD1C35CC}" = Privacy Manager for HP ProtectTools
"{4FB44ECF-F78B-45EC-8871-0E854D41D64E}" = 3 of 9 BarCode Font
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad
"{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D0F1D39-F353-42DD-B6A3-B947500E246B}" = HP ProtectTools Security Manager
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722A2876-B382-4AB5-8CC9-007FF5B28641}" = HP ESU for Microsoft Windows 7
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC51C0F-DA8E-4370-9997-899B3435A647}" = VMware vSphere Host Update Utility 4.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = CANYON USB PC CAMERA
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = Telescope Driver
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.7
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{C40698F9-A861-4531-9F8C-FA7F8961375B}" = VMware vSphere Client 4.0
"{C42BB613-5079-41C3-8CD1-037B9FFD818F}" = HP JavaCard for HP ProtectTools
"{CA1DC67A-A059-45D7-A2CF-F99D15876B6B}" = VMware vCenter Update Manager Client 4.1 Update 1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CF1A6387-88F6-4BD9-B0BE-EA1AF7024C7C}" = Microsoft Outlook Web Access S/MIME (2007)
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1C42E76-0165-4542-95FD-5A9F75023573}" = Credential Manager for HP ProtectTools
"{D2A36D72-D053-4FD5-8EC6-C8DF653B7879}" = BIOS Configuration for HP ProtectTools
"{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}" = VMware Infrastructure Update
"{E60422F6-23F5-446A-B26D-70FF3092BF84}" = VMware vSphere CLI
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EA98753C-CB1C-4216-AC09-7EC3D3F62BAF}" = DameWare NT Utilities
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0E8C9FD-990F-48A8-9B3B-835DB0DACD26}" = VMware vSphere Update Manager Client 5.0
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"AviSynth" = AviSynth 2.5
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"DiskAid_is1" = DiskAid 4.71
"ffdshow_is1" = ffdshow v1.1.3814 [2011-04-11]
"FileRestorePlus™_is1" = FileRestorePlus™ 3.0.1.1111
"FileZilla Client" = FileZilla Client 3.5.1
"FordEtis IDS 1.1928" = FordEtis IDS 1.1928
"GNS3" = GNS3 0.7.3
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"ImgBurn" = ImgBurn
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"itrafficmonitor_is1" = iTraffic Monitor v1.0
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MPTagThat" = MPTagThat
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Rapport_msi" = Rapport
"VLC media player" = VLC media player 1.0.5
"VMware_Workstation" = VMware Workstation
"Wake-On-LAN Sender_is1" = Wake-On-LAN Sender 2.0.7
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1337370660-1655620044-158343729-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 12

Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 13

Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 14

Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 15

Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 15/08/2012 17:45:34 | Computer Name = tony-laptop.themacartneys.com | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 16/08/2012 16:28:53 | Computer Name = tony-laptop.themacartneys.com | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Credential Manager Events ]
Error - 11/08/2011 08:58:40 | Computer Name = tony-laptop.themacartneys.com | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: tony@themacartneys
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 11/08/2011 08:58:54 | Computer Name = tony-laptop.themacartneys.com | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
tony@themacartneys Client GUID: {Password} Error: 0xC516020B Client Host: localhost
Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 11/08/2011 08:58:54 | Computer Name = tony-laptop.themacartneys.com | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: tony@themacartneys
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 30/10/2011 02:13:06 | Computer Name = tony-laptop.themacartneys.com | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
administrator@themacartneys Client GUID: {Password} Error: 0xC516020B Client Host:
localhost Client Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol:
HTTP

Error - 30/10/2011 02:13:06 | Computer Name = tony-laptop.themacartneys.com | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: administrator@themacartneys
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 06/01/2012 11:35:56 | Computer Name = tony-laptop.themacartneys.com | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
tony@themacartneys Client GUID: {Password} Error: 0xC516020B Client Host: localhost
Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 06/01/2012 11:35:56 | Computer Name = tony-laptop.themacartneys.com | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: tony@themacartneys
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 04/04/2012 02:29:01 | Computer Name = tony-laptop.themacartneys.com | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
tony@themacartneys Client GUID: {Password} Error: 0xC516020B Client Host: localhost
Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 04/04/2012 02:29:01 | Computer Name = tony-laptop.themacartneys.com | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: tony@themacartneys
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ System Events ]
Error - 15/08/2012 15:32:03 | Computer Name = tony-laptop.themacartneys.com | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1879.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.

Error - 15/08/2012 15:57:08 | Computer Name = tony-laptop.themacartneys.com | Source = DCOM | ID = 10010
Description =

Error - 15/08/2012 17:58:02 | Computer Name = tony-laptop.themacartneys.com | Source = DCOM | ID = 10010
Description =

Error - 16/08/2012 15:57:57 | Computer Name = tony-laptop.themacartneys.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain THEMACARTNEYS due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.

Error - 16/08/2012 15:57:58 | Computer Name = tony-laptop.themacartneys.com | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 16/08/2012 16:01:18 | Computer Name = tony-laptop.themacartneys.com | Source = DCOM | ID = 10010
Description =

Error - 16/08/2012 16:02:10 | Computer Name = tony-laptop.themacartneys.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain THEMACARTNEYS due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.

Error - 16/08/2012 16:02:11 | Computer Name = tony-laptop.themacartneys.com | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
computer name. This could be caused by one of more of the following: a) Name Resolution
failure on the current domain controller. b) Active Directory Replication Latency
(an account created on another domain controller has not replicated to the current
domain controller).

Error - 16/08/2012 16:12:50 | Computer Name = tony-laptop.themacartneys.com | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1879.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.

Error - 16/08/2012 16:12:50 | Computer Name = tony-laptop.themacartneys.com | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1879.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.

< End of report >

tmacca · Aug 16, 2012

MBAM:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tony :: TONY-LAPTOP [administrator]

Protection: Enabled

16/08/2012 21:24:31
mbam-log-2012-08-16 (21-24-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227806
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL.txt:

OTL logfile created on: 16/08/2012 21:28:58 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\tony\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 30.87% Memory free
3.73 Gb Paging File | 1.64 Gb Available in Paging File | 43.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.97 Gb Total Space | 46.43 Gb Free Space | 20.92% Space Free | Partition Type: NTFS

Computer Name: TONY-LAPTOP | User Name: tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/16 21:23:36 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\tony\Desktop\OTL.exe
PRC - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/07/29 20:52:20 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/09 02:28:58 | 000,433,816 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/06/09 02:28:32 | 000,103,576 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/06/09 02:28:30 | 000,354,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/06/09 01:39:40 | 011,839,488 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012/06/09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\tony\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/24 21:42:50 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/23 13:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012/02/20 15:10:31 | 005,860,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2010/12/19 13:57:13 | 000,150,928 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
PRC - [2010/05/20 16:26:32 | 000,764,784 | ---- | M] (Microsoft Corporation
) -- C:\Windows\vVX6000.exe
PRC - [2010/04/13 10:41:04 | 000,358,456 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/02/25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2010/01/18 06:06:06 | 000,078,592 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2010/01/08 13:56:26 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/01/08 13:55:54 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/30 17:42:34 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2009/07/19 22:21:42 | 000,296,224 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2009/07/15 12:05:24 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/15 12:05:16 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\AMT\LMS.exe
PRC - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/07/06 15:34:58 | 011,227,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2009/05/07 20:05:44 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2009/04/27 20:41:58 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/22 17:06:23 | 000,588,872 | ---- | M] () -- C:\Program Files (x86)\LastPass\LPToolbar.dll
MOD - [2012/06/22 17:06:22 | 005,573,704 | ---- | M] () -- C:\Users\tony\AppData\LocalLow\LastPass\LPPlugin.dll
MOD - [2012/06/14 18:31:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 18:31:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/05 22:36:00 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012/06/05 22:35:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/05 22:35:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/05 22:35:50 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/28 21:40:50 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/10/05 18:44:00 | 000,329,272 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/10 11:17:16 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/12/19 13:57:13 | 000,150,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/30 17:42:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/29 12:43:32 | 001,841,912 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/03 16:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/07/15 13:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/08/15 07:08:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/29 20:52:22 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/20 18:18:21 | 000,487,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Downloaded Program Files\DMService.exe -- (DMService)
SRV - [2012/06/09 02:28:58 | 000,433,816 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/06/09 02:28:30 | 000,354,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/06/09 01:39:40 | 011,839,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/06/09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2010/01/18 05:59:28 | 000,192,768 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2010/01/18 05:59:20 | 000,150,272 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2010/01/08 13:55:54 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/10/05 18:43:54 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2009/07/15 12:05:24 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/15 12:05:16 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/29 20:52:38 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/09 02:29:20 | 000,063,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/06/09 02:29:18 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012/06/09 02:27:30 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/06/08 23:52:20 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/06/08 23:52:20 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/04/10 11:17:14 | 000,164,528 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/29 21:23:01 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/06/03 14:34:10 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 02:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/27 20:46:26 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/20 16:26:32 | 002,143,600 | ---- | M] (Microsoft Corporation
) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX6000Xp.sys -- (VX6000)
DRV:64bit: - [2010/03/05 11:09:04 | 000,015,464 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2010/03/05 11:09:04 | 000,014,952 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2010/03/05 11:09:02 | 000,055,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2010/03/01 14:56:28 | 000,549,888 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2010/02/25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/25 00:02:38 | 000,019,000 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CPQBTTN.sys -- (HBtnKey)
DRV:64bit: - [2010/02/01 11:12:14 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/01/08 13:45:26 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/08 09:14:12 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/07/20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009/07/20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (RICOH SmartCard Reader)
DRV:64bit: - [2009/07/19 22:17:48 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/01 12:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 12:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 12:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/23 12:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/06/12 18:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/04/06 17:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/11/08 10:29:22 | 000,527,872 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV:64bit: - [2007/07/16 14:32:56 | 000,060,160 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV:64bit: - [2007/02/12 18:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2012/08/09 06:11:20 | 000,397,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys -- (RapportCerberus_42020)
DRV - [2012/07/29 20:52:40 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/07/29 20:52:38 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/01/29 21:23:01 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/05/07 21:05:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/07/05 21:01:09] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2007/11/08 10:30:08 | 000,454,656 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PAC7302.sys -- (PAC7302)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 61 6D A6 87 A0 CB 01 [binary data]
IE - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...Encoding}&sourceid=ie7&rlz=1I7GGLL_en-GBGB411
IE - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nzbsrus.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 18:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 21:00:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7324E2D1-E4BD-11E1-8270-B8AC6F996F26}: C:\Users\tony\AppData\Local\{7324E2D1-E4BD-11E1-8270-B8AC6F996F26}\ [2012/08/12 21:36:57 | 000,000,000 | ---D | M]

[2010/12/20 22:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\mozilla\Extensions
[2012/06/18 19:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tony\AppData\Roaming\mozilla\Firefox\Profiles\b9y96jpt.default\extensions
[2012/06/23 19:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/23 19:59:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/30 13:55:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 21:29:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 22:06:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 22:06:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/14 21:34:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/19 13:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/25 21:11:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) --
[2012/08/12 21:36:57 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\TONY\APPDATA\LOCAL\{7324E2D1-E4BD-11E1-8270-B8AC6F996F26}
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/01/09 16:29:58 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/01/09 16:29:58 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/01/09 16:29:58 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/01/09 16:29:58 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: VMware Remote Console and Client Integration Plug-in (Enabled) = C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/15 06:36:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Credential Manager for HP ProtectTools) - {0EA99306-BC87-4930-9E1D-1D1EA32A7E4E} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn64.dll (Bioscrypt Inc.)
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll File not found
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll File not found
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

tmacca · Aug 16, 2012

O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll File not found
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation
)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-1337370660-1655620044-158343729-1119..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1337370660-1655620044-158343729-1119..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1337370660-1655620044-158343729-1119..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1337370660-1655620044-158343729-1119..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1337370660-1655620044-158343729-1119..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1337370660-1655620044-158343729-1119..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\tony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\tony\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\tony\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: LastPass - file://C:\Users\tony\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\tony\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O15 - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} C:\Users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT AntiViruses Class)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} C:\Users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\tony\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\tony\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} C:\Users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\tony\AppData\Local\Temp\f5tmp\f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://8111.hilldickinson.com/InternalSite/WhlCompMgr.cab (Forefront UAG client components)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\tony\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} C:\Users\tony\AppData\Local\Temp\f5tmp\f5opswati.cab (F5 Networks OPSWAT Helper Control)
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} http://192.168.0.150/JpegInst.cab (pmjpegcam Class)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = themacartneys.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C43C4B9-7D8E-4350-B5A2-C86EDB711BB5}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{651A40E4-20CB-41E4-9895-7BAFA5603825}: DhcpNameServer = 192.168.0.1 192.168.0.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\x-owacid - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll) - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook64.dll (Bioscrypt Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook64.dll) - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook64.dll (Bioscrypt Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\bin\APSHOO~1.DLL) - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook64.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\HEWLET~1\IAM\Bin\APSHook.dll) - C:\Program Files (x86)\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

tmacca · Aug 16, 2012

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 21:23:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\tony\Desktop\OTL.exe
[2012/08/16 21:03:50 | 000,000,000 | R--D | C] -- C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
[2012/08/15 20:25:25 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Roaming\Malwarebytes
[2012/08/15 20:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/15 20:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/15 20:25:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/15 20:25:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/15 20:19:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/14 07:12:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/14 07:12:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/14 07:12:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/14 07:09:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/14 07:09:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/14 05:02:15 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/12 22:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/12 22:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/12 22:04:04 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/12 21:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/12 21:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/12 21:39:45 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/12 21:36:57 | 000,000,000 | ---D | C] -- C:\Users\tony\AppData\Local\{7324E2D1-E4BD-11E1-8270-B8AC6F996F26}
[2012/07/21 12:41:13 | 000,000,000 | ---D | C] -- C:\music
[2012/06/09 10:07:37 | 006,221,896 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 21:23:36 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\tony\Desktop\OTL.exe
[2012/08/16 21:10:25 | 000,790,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/16 21:10:25 | 000,672,746 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/16 21:10:25 | 000,128,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/16 21:09:20 | 000,017,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 21:09:20 | 000,017,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 21:08:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 21:03:36 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 21:02:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 21:01:55 | 1502,294,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 21:00:48 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/15 22:58:08 | 000,001,938 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/08/15 22:41:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/15 20:25:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/15 19:42:17 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/15 06:36:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/15 06:35:44 | 309,803,761 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/12 22:29:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/12 22:28:31 | 000,796,738 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/12 21:53:45 | 001,144,963 | ---- | M] () -- C:\Users\tony\Desktop\ProcessExplorer.zip
[2012/08/12 11:17:34 | 000,002,000 | ---- | M] () -- C:\Users\tony\Documents\Default.rdp
[2012/07/29 20:52:38 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/07/23 21:33:53 | 000,416,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/15 20:25:06 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 07:12:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/14 07:12:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/14 07:12:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/14 07:12:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/14 07:12:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/12 22:28:32 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/12 21:53:39 | 001,144,963 | ---- | C] () -- C:\Users\tony\Desktop\ProcessExplorer.zip
[2012/06/17 13:42:42 | 000,009,216 | ---- | C] () -- C:\Users\tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/12 20:46:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/10/11 20:25:27 | 000,002,787 | ---- | C] () -- C:\Users\tony\AppData\Roaming\gns3.ini
[2011/06/13 19:16:33 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/13 19:04:26 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
[2011/06/13 19:04:26 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011/06/03 14:32:40 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/06/03 14:32:40 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/06/03 14:32:40 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/03/05 16:36:56 | 000,007,615 | ---- | C] () -- C:\Users\tony\AppData\Local\Resmon.ResmonCfg
[2011/01/23 19:17:42 | 000,001,311 | ---- | C] () -- C:\Windows\SysWow64\DfsMgmt.dll.config
[2011/01/23 19:17:37 | 000,001,315 | ---- | C] () -- C:\Windows\DfsrAdmin.exe.config
[2010/12/31 18:23:03 | 000,000,600 | ---- | C] () -- C:\Users\tony\AppData\Local\PUTTY.RND
[2010/07/16 19:03:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/26 22:27:21 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/05/26 20:44:58 | 000,005,702 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== LOP Check ==========

[2010/05/26 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Infineon
[2012/02/11 16:34:46 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Babylon
[2011/01/18 17:55:37 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\CCS64
[2011/08/29 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\DameWare Development
[2012/02/11 09:15:36 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\DiskAid
[2012/08/16 21:03:56 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Dropbox
[2011/10/04 07:45:48 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Echo Software
[2011/11/03 20:11:05 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\FileZilla
[2011/09/18 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\ICAClient
[2011/06/12 16:17:01 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\ImgBurn
[2010/12/20 21:46:47 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\Infineon
[2011/05/10 11:29:11 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\MPTagThat
[2011/06/01 19:16:20 | 000,000,000 | ---D | M] -- C:\Users\tony\AppData\Roaming\sqlitestudio
[2012/08/01 19:42:44 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Broni · Aug 16, 2012

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\tony\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\tony\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Users\tony\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\tony\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll File not found
O15 - HKU\S-1-5-21-1337370660-1655620044-158343729-1119\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/08/14 05:02:15 | 000,000,000 | ---D | C] -- C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

========================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

tmacca · Aug 17, 2012

OTL fixlog:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\LastPass Fill Forms\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43699cd0-e34f-11de-8a39-0800200c9a66}\ not found.
Registry value HKEY_USERS\S-1-5-21-1337370660-1655620044-158343729-1119\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\https deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\FRST\Quarantine\{592c8187-54b0-9145-c804-6140afd6967a}\{592c8187-54b0-9145-c804-6140afd6967a}\U folder moved successfully.
C:\FRST\Quarantine\{592c8187-54b0-9145-c804-6140afd6967a}\{592c8187-54b0-9145-c804-6140afd6967a}\L folder moved successfully.
C:\FRST\Quarantine\{592c8187-54b0-9145-c804-6140afd6967a}\{592c8187-54b0-9145-c804-6140afd6967a} folder moved successfully.
C:\FRST\Quarantine\{592c8187-54b0-9145-c804-6140afd6967a}\U folder moved successfully.
C:\FRST\Quarantine\{592c8187-54b0-9145-c804-6140afd6967a}\L folder moved successfully.
C:\FRST\Quarantine\{592c8187-54b0-9145-c804-6140afd6967a} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5540414 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: tony
->Temp folder emptied: 214455 bytes
->Temporary Internet Files folder emptied: 75864439 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 124054872 bytes
->Google Chrome cache emptied: 12267185 bytes
->Flash cache emptied: 100419 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1714108 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119847232 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51025555 bytes
RecycleBin emptied: 6060565 bytes

Total Files Cleaned = 378.00 mb

[EMPTYJAVA]

User: administrator

User: All Users

User: Default

User: Default User

User: Public

User: tony
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: tony
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08172012_144032
Files\Folders moved on Reboot...
C:\Users\tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\tony\AppData\Local\Temp\~DF5038AA84A988CEB5.TMP not found!
File\Folder C:\Users\tony\AppData\Local\Temp\~DFBE7C13DE73CDCB67.TMP not found!
File\Folder C:\Users\tony\AppData\Local\Temp\~DFC1088513D302E95B.TMP not found!
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NA3WA0HJ\62[1].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NA3WA0HJ\paydayuk_co_uk[1].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA25G7HQ\plusone_gadget[1].htm moved successfully.
File\Folder C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMZSAE3S\fastbutton[2].htm not found!
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMZSAE3S\PIE[1].htc moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMZSAE3S\pixel[4].htm moved successfully.
File\Folder C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AW6J9524\fastbutton[1].htm not found!
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT77FCMX\ads[2].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT77FCMX\sh096[1].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT77FCMX\si[4].htm moved successfully.
C:\Windows\temp\vmware-SYSTEM-4242128918\vmauthd.log moved successfully.
C:\Windows\temp\vmware-SYSTEM-4242128918\vmware-usbarb-SYSTEM-2964.log moved successfully.
File\Folder C:\Windows\temp\Google Toolbar\BIT9196.tmp not found!
C:\Windows\temp\GoogleToolbarInstaller2.log moved successfully.
PendingFileRenameOperations files...
File C:\Users\tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\tony\AppData\Local\Temp\~DF5038AA84A988CEB5.TMP not found!
File C:\Users\tony\AppData\Local\Temp\~DFBE7C13DE73CDCB67.TMP not found!
File C:\Users\tony\AppData\Local\Temp\~DFC1088513D302E95B.TMP not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NA3WA0HJ\62[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NA3WA0HJ\paydayuk_co_uk[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA25G7HQ\plusone_gadget[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMZSAE3S\fastbutton[2].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMZSAE3S\PIE[1].htc not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMZSAE3S\pixel[4].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AW6J9524\fastbutton[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT77FCMX\ads[2].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT77FCMX\sh096[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AT77FCMX\si[4].htm not found!
File C:\Windows\temp\vmware-SYSTEM-4242128918\vmauthd.log not found!
File C:\Windows\temp\vmware-SYSTEM-4242128918\vmware-usbarb-SYSTEM-2964.log not found!
File C:\Windows\temp\Google Toolbar\BIT9196.tmp not found!
File C:\Windows\temp\GoogleToolbarInstaller2.log not found!
Registry entries deleted on Reboot...

tmacca · Aug 17, 2012

security check log:

Results of screen317's Security Check version 0.99.44
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 29
HP JavaCard for HP ProtectTools
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.13) Firefox out of Date!
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.79
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

tmacca · Aug 17, 2012

farbar log:

Farbar Service Scanner Version: 06-08-2012
Ran by tony (administrator) on 17-08-2012 at 15:04:57
Running from "C:\Users\tony\Desktop"
Microsoft Windows 7 Enterprise Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

tmacca · Aug 17, 2012

Temp File Cleaner - run, no obvious issues reported

Broni · Aug 17, 2012

Eset?

tmacca · Aug 17, 2012

eset took a long time to run!

C:\Qoobox\Quarantine\C\ProgramData\0C1CFB13000D001A3518CADFF875EF60\0C1CFB13000D001A3518CADFF875EF60.exe.vir a variant of Win32/Kryptik.AKDG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\tony\AppData\Roaming\dmplmg.dll.vir a variant of Win32/Medfos.CM trojan cleaned by deleting - quarantined
C:\Users\tony\AppData\Local\{7324E2D1-E4BD-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08172012_144032\C_FRST\Quarantine\atdpn.dll a variant of Win32/Medfos.CO trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08172012_144032\C_FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
C:\_OTL\MovedFiles\08172012_144032\C_FRST\Quarantine\{592c8187-54b0-9145-c804-6140afd6967a}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08172012_144032\C_FRST\Quarantine\{592c8187-54b0-9145-c804-6140afd6967a}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08172012_144032\C_FRST\Quarantine\{592c8187-54b0-9145-c804-6140afd6967a}\U\800000cb.@ Win64/Sirefef.AH trojan cleaned by deleting - quarantined

Broni · Aug 17, 2012

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

============================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

============================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

==================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

tmacca · Aug 17, 2012

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: tony
->Temp folder emptied: 1434082 bytes
->Temporary Internet Files folder emptied: 58018235 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30299 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2118986 bytes

Total Files Cleaned = 59.00 mb

[EMPTYFLASH]

User: administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: tony
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: administrator

User: All Users

User: Default

User: Default User

User: Public

User: tony
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08172012_191237
Files\Folders moved on Reboot...
C:\Users\tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\tony\AppData\Local\Temp\~DFE6510D4BC94FDA43.TMP moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMT0MZRG\bizo_multi[1].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMT0MZRG\pixel[5].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AORITI8G\page-2[1].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AORITI8G\partner[1].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACW41WNP\4773[1].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACW41WNP\net[1].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SUSRU5Z\partner[1].htm moved successfully.
C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SUSRU5Z\partner[2].htm moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2456.log moved successfully.
PendingFileRenameOperations files...
File C:\Users\tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\tony\AppData\Local\Temp\~DFE6510D4BC94FDA43.TMP not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMT0MZRG\bizo_multi[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMT0MZRG\pixel[5].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AORITI8G\page-2[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AORITI8G\partner[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACW41WNP\4773[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACW41WNP\net[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SUSRU5Z\partner[1].htm not found!
File C:\Users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SUSRU5Z\partner[2].htm not found!
[2012/08/17 19:15:39 | 000,000,000 | ---- | M] () C:\Windows\temp\vmware-SYSTEM\vmauthd.log : Unable to obtain MD5
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2456.log not found!
Registry entries deleted on Reboot...

tmacca · Aug 17, 2012

Everything appears to be working fine now. Thanks for all your help Broni, very much appreciated. Donation on its way!

Broni · Aug 17, 2012

Way to go!!
Good luck and stay safe

...and thank you

Solved Need help removing Win64/sirefef

Posts: 16 +0

Posts: 16 +0

Posts: 56,041 +516

Attachments

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 16 +0

Posts: 16 +0

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 16 +0

Posts: 16 +0

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 16 +0

Posts: 56,041 +516

Similar threads