
Infected - Started with Google Redirecting, progressively gotten worse


This topic is locked
25 replies to this topic

#1 spurs21stx
Posted 31 October 2011 - 02:53 PM

Thanks upfront for your responses and volunteering to help. Operating System is Windows XP Pro, V.2002, SP3. My computer (Dell Optiplex GX745) is infected with a virus that I first noticed when it started causing my Google searches to be redirected. This happens in IE, Firefox and Chrome. My IE does not launch anymore, and also the main program that I need, Autocad 2012 Civil 3D, has been disabled. When I try to launch the program I get the following error: "Windows cannot access the specified device, path or file" (acad.exe). Also, I cannot log into my Exchange Outlook email; I have been using the web browser version to access my email. Normally when I launch Outlook it opens a login window for me to enter my password; this does not happen now. Outlook just opens and I cannot send/receive new messages. I could not run the DDS log; when I tried it gave me an error "This program cannot be run in DOS Mode" and brought up a txt file with lots of what seem to be random characters. Also, Malwarebytes will not run: I start a quick scan and then it terminates after 30 seconds. McAfee will not run either. The GMER log is attached.

Attached Files: ark.txt (18.2 KB)

Edited by spurs21stx, 31 October 2011 - 02:57 PM.




#2 etavares (Malware Response Team)

Posted 05 November 2011 - 06:28 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
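As an added example (not part of this thread or of OTL itself), here is a small Python triage script for the OTL log format requested above: it parses the PRC/MOD/SRV/DRV lines and flags the kinds of entries a responder reads first, namely services whose binary is missing, executables and drivers with no company name, and anything loading from Temp or Application Data. The sample lines are copied from the OTL log posted later in this thread; the rules are review hints, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# OTL writes one entry per line in the form
#   KIND - [date | size | attrs | M] (Company) [state] -- path -- (Name)
# or, for a registered service whose binary is gone,
#   KIND - File not found [state] -- -- (Name)
# KIND is PRC (process), MOD (module), SRV (service) or DRV (driver).
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)"
    r"\s*(?:-- \((?P<name>[^)]*)\).*)?$"
)

# Directories a persistent process, service or driver should not normally load from.
USER_WRITABLE = ("\\temp\\", "\\application data\\")


@dataclass
class Entry:
    kind: str
    company: Optional[str]      # None when OTL reported "File not found"
    state: Optional[str]
    path: str
    name: Optional[str]
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL PRC/MOD/SRV/DRV line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = None if m.group("missing") else m.group("company").strip()
    return Entry(m.group("kind"), company, m.group("state"),
                 m.group("path").strip(), m.group("name"))


def assess(entry: Entry) -> Entry:
    """Attach review reasons to an entry. These are triage hints, not verdicts."""
    low = entry.path.lower()
    if entry.company is None:
        entry.reasons.append("registered but file not found (orphaned entry)")
    elif entry.company == "":
        # An empty "()" means OTL found no company name in the file's version info.
        if entry.kind == "DRV" or "\\system32\\" in low:
            entry.reasons.append("system binary with no company name")
        elif entry.kind in ("PRC", "SRV"):
            entry.reasons.append("no company name")
    if any(d in low for d in USER_WRITABLE):
        entry.reasons.append("loads from a user-writable location")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that collected at least one review reason, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and assess(entry).reasons:
            flagged.append(entry)
    return flagged


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2011/11/08 07:51:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WMathurin\Desktop\OTL.exe
PRC - [2011/11/07 09:54:18 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\WMathurin\Local Settings\Temp\Adobelm_Cleanup.0001
MOD - [2011/11/07 09:54:25 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\WMathurin\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2011/09/20 11:15:26 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/03/30 10:51:36 | 000,144,704 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
DRV - [2011/10/21 06:55:49 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2011/03/13 10:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} {e.name or e.path}: {'; '.join(e.reasons)}")
```

Run it against a full OTL.txt by replacing SAMPLE_LOG with the file contents; entries the rules do not flag are dropped, so the output is the short list worth checking by hand.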
 


#3 spurs21stx (Topic Starter)

Posted 08 November 2011 - 07:54 AM

Thanks for looking into this for me, I understand about the wait. I will work on your requests and get back to you.

#4 etavares (Malware Response Team)

Posted 09 November 2011 - 06:14 AM

OK, I will keep my eye out for the logs.




#5 spurs21stx (Topic Starter)

Posted 09 November 2011 - 02:57 PM

Below are the OTL logs and the GMER log. Thanks for your help.

OTL logfile created on: 11/8/2011 8:04:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\WMathurin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 76.42% Memory free
4.84 Gb Paging File | 4.17 Gb Available in Paging File | 86.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 38.49 Gb Free Space | 25.84% Space Free | Partition Type: NTFS
Drive D: | 15.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive V: | 1.95 Gb Total Space | 1.94 Gb Free Space | 99.62% Space Free | Partition Type: FAT

Computer Name: WMATHURIN-WKSTN | User Name: wmathurin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 07:51:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WMathurin\Desktop\OTL.exe
PRC - [2011/11/07 09:54:18 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\WMathurin\Local Settings\Temp\Adobelm_Cleanup.0001
PRC - [2011/09/20 11:27:36 | 000,477,560 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.229\mcuicnt.exe
PRC - [2011/09/20 11:15:26 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/08/08 17:28:02 | 000,977,408 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\WMathurin\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/06/10 05:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/06/10 05:58:32 | 000,806,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2010/02/05 20:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 12:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/20 13:32:32 | 001,312,256 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/03/09 12:44:12 | 000,132,608 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/04 10:25:12 | 000,623,104 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/11/26 11:35:00 | 000,121,856 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/01 13:49:42 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007/08/09 13:58:34 | 001,780,736 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/05/31 16:19:12 | 000,068,608 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe
PRC - [2007/05/31 16:15:48 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe
PRC - [2007/05/31 16:11:02 | 000,102,400 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
PRC - [2006/05/16 21:12:59 | 000,075,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/01/02 17:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 09:54:25 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\WMathurin\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp
MOD - [2011/11/07 09:54:18 | 000,697,884 | ---- | M] () -- C:\Documents and Settings\WMathurin\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0000\~df394b.tmp
MOD - [2011/11/07 09:54:18 | 000,573,952 | ---- | M] () -- C:\Documents and Settings\WMathurin\Local Settings\Temp\Adobelm_Cleanup.0001.dir.0000\~de7b92.tmp
MOD - [2011/10/13 02:01:36 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6dc9e240\mscorlib.dll
MOD - [2011/10/13 02:01:33 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b19efc79\system.drawing.dll
MOD - [2011/10/13 02:01:25 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_4e2f9f44\system.xml.dll
MOD - [2011/10/13 02:01:18 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_1d8dedb2\system.windows.forms.dll
MOD - [2011/10/13 02:01:10 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_581e836b\system.dll
MOD - [2011/10/13 02:01:03 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/13 02:01:02 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2011/04/19 11:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/04/19 11:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2010/02/05 20:14:42 | 000,077,624 | ---- | M] () -- C:\Program Files\McAfee Online Backup\librs2.dll
MOD - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009/03/09 12:44:12 | 000,132,608 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
MOD - [2008/11/26 11:35:00 | 000,121,856 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
MOD - [2008/10/16 08:14:10 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/08/12 10:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008/07/29 13:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008/07/29 13:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008/07/29 13:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008/07/29 13:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2008/07/29 12:51:22 | 000,806,912 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtNetwork4.dll
MOD - [2008/07/29 12:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2008/04/01 13:49:42 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2006/12/10 19:31:12 | 000,087,800 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/12/03 13:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/08/11 17:23:24 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2004/08/11 17:23:22 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2004/08/11 17:23:22 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/11 17:23:22 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2004/08/11 17:23:22 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (0160701320065204mcinstcleanup) McAfee Application Installer Cleanup (0160701320065204)
SRV - [2011/09/20 11:15:26 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/09/19 09:58:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/03/31 08:28:52 | 000,365,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/30 10:51:36 | 000,144,704 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2011/03/13 10:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/03 00:24:10 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2011/02/02 13:08:16 | 000,018,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/05 20:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 12:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/03/04 10:25:12 | 000,623,104 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/08/09 13:58:34 | 001,780,736 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/03/17 13:54:52 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2011/10/21 06:55:49 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2011/03/30 10:51:44 | 000,034,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2011/03/30 10:51:42 | 000,040,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2011/03/30 10:51:36 | 000,080,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/30 10:51:36 | 000,035,368 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 10:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 10:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/07/15 14:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2010/02/05 20:13:48 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/07 15:03:36 | 000,016,512 | ---- | M] (SHAPE Services GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mobiolavs.sys -- (mobiolavs)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/02/09 06:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 06:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 23:11:00 | 000,042,112 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/03/20 10:05:29 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/07/23 15:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/07/05 15:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007/07/05 15:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007/05/28 09:02:02 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/08/28 02:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070302
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070302


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070302
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070302
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070302
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070302
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/120
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=B8MC
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2009/11/09 13:00:05 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/11/09 13:00:05 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/11/09 13:00:05 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\WMathurin\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\WMathurin\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/03/05 08:57:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/04/05 09:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/10/31 08:19:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/20 15:17:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/20 14:20:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\WMathurin\Application Data\Move Networks [2009/11/23 13:48:52 | 000,000,000 | ---D | M]

[2008/08/26 08:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WMathurin\Application Data\Mozilla\Extensions
[2011/10/21 07:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WMathurin\Application Data\Mozilla\Firefox\Profiles\eds0xtp4.default\extensions
[2008/02/13 07:10:00 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\WMathurin\Application Data\Mozilla\Firefox\Profiles\eds0xtp4.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2011/09/27 11:26:37 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\WMathurin\Application Data\Mozilla\Firefox\Profiles\eds0xtp4.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010/10/08 11:09:11 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Documents and Settings\WMathurin\Application Data\Mozilla\Firefox\Profiles\eds0xtp4.default\extensions\smartbookmarksbar@remy.juteau
[2011/10/20 15:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/03 12:01:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/03/05 08:57:28 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2010/03/05 08:57:28 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2010/03/05 08:57:28 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/06/26 13:01:35 | 000,044,624 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2007/06/26 13:01:35 | 000,108,192 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2007/06/26 13:01:34 | 000,057,504 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2006/07/31 12:41:00 | 000,364,544 | ---- | M] (BrightStreet.com) -- C:\Program Files\mozilla firefox\plugins\NPcol305.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/03 12:00:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/03/05 12:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2008/08/29 10:18:14 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: Coupons-On-Line Netscape Plugin v. 3.0.4.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol305.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\WMathurin\Application Data\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\WMathurin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\WMathurin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: TweetDeck = C:\Documents and Settings\WMathurin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\0.9.8_0\
CHR - Extension: Poppit = C:\Documents and Settings\WMathurin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: eBuddy Web Messenger = C:\Documents and Settings\WMathurin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkojhhiphdgeliplnclnbmdiofhgnimi\2.0.9_0\

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PUStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RunPUTasktray] "C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1775233103-3616210004-254431072-1122..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\WMathurin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\WMathurin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\WMathurin\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} http://63.241.168.238/ae/ecwplugins/ncs1.cab (NCSView Class)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C2CE96C6-0732-4A48-BA35-6060526BA7A2} http://192.168.1.60/hp/device/webAccess/multipleFileUpload.cab (HP Multiple File Upload Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://usi-insurance.webex.com/client/T25L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://vault.schenkelshultz.com/DocumentVault/Public/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hta-fl.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCAE6E86-D153-4919-8CF8-FD5DFF7B7A22}: DhcpNameServer = 192.168.1.3
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1775233103-3616210004-254431072-1122 Winlogon: Shell - (C:\Documents and Settings\WMathurin\Local Settings\Application Data\7fb2a970\X) -C:\Documents and Settings\WMathurin\Local Settings\Application Data\7fb2a970\X ()
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/WMATHU~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\WMathurin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WMathurin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/19 09:21:23 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/08 08:03:17 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WMathurin\Desktop\OTL.exe
[2011/10/31 09:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WMathurin\Desktop\gmer
[2011/10/31 09:07:53 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\WMathurin\Desktop\dds.scr
[2011/10/31 07:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/10/31 07:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/10/31 07:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2011/10/31 07:49:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Online Backup
[2011/10/31 07:49:24 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2011/10/31 07:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2011/10/31 07:46:54 | 000,080,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2011/10/31 07:46:54 | 000,040,648 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2011/10/31 07:46:54 | 000,035,368 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2011/10/31 07:46:49 | 000,120,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2011/10/31 07:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/10/31 07:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/10/31 07:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/10/31 07:40:50 | 000,034,376 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2011/10/31 07:35:45 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2011/10/21 09:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/21 09:00:00 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/21 09:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/20 15:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore
[2011/10/20 15:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WMathurin\Start Menu\Programs\SpyNoMore
[2011/10/20 08:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WMathurin\Application Data\Sammsoft
[2011/10/20 08:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/10/20 08:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/10/20 07:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WMathurin\Local Settings\Application Data\PCHealth
[2011/10/20 07:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/10/20 07:35:58 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/20 07:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WMathurin\Application Data\Malwarebytes
[2011/10/20 07:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/19 14:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/19 07:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/10/19 07:30:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\WMathurin\Local Settings\Application Data\7fb2a970
[2011/10/10 06:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WMathurin\Desktop\Vero Beach stormwater
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\WMathurin\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\WMathurin\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/11/08 07:57:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/08 07:51:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WMathurin\Desktop\OTL.exe
[2011/11/07 09:57:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/01 11:48:53 | 000,108,622 | ---- | M] () -- C:\Documents and Settings\WMathurin\Desktop\bookmarks.html
[2011/11/01 07:36:14 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/11/01 07:35:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/01 07:35:19 | 000,002,951 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/11/01 07:34:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/01 00:00:39 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2011/10/31 09:13:33 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\WMathurin\Desktop\gmer.zip
[2011/10/31 09:07:53 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\WMathurin\Desktop\dds.scr
[2011/10/31 08:26:51 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_60382.nl_
[2011/10/31 08:21:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1890169471
[2011/10/31 08:01:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/31 07:55:08 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/10/31 07:55:08 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/10/31 07:46:35 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2011/10/31 07:43:21 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\WMathurin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/31 07:31:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/28 12:39:32 | 000,256,776 | ---- | M] () -- C:\Documents and Settings\WMathurin\Desktop\111028133707_0001.pdf
[2011/10/26 13:41:56 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\WMathurin\My Documents\acad.err
[2011/10/26 07:53:08 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\WMathurin\My Documents\Drawing1.dwl2
[2011/10/26 07:53:08 | 000,000,066 | -H-- | M] () -- C:\Documents and Settings\WMathurin\My Documents\Drawing1.dwl
[2011/10/24 13:55:38 | 001,650,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/21 06:55:49 | 000,162,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2011/10/20 15:28:34 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2011/10/20 15:17:48 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\WMathurin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/19 10:02:48 | 000,000,981 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2011/10/19 07:32:46 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/14 06:32:34 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\WMathurin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/10/14 02:02:00 | 000,507,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 02:02:00 | 000,090,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 02:08:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\WMathurin\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\WMathurin\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/03 13:45:30 | 000,847,232 | ---- | C] () -- C:\Documents and Settings\WMathurin\Desktop\_HTA Standard C3D 2011.dwt
[2011/11/01 11:48:53 | 000,108,622 | ---- | C] () -- C:\Documents and Settings\WMathurin\Desktop\bookmarks.html
[2011/10/31 09:13:32 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\WMathurin\Desktop\gmer.zip
[2011/10/31 07:55:08 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/10/31 07:51:25 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2011/10/31 07:46:35 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2011/10/31 07:46:34 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2011/10/31 07:43:21 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\WMathurin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/31 07:30:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/28 12:39:32 | 000,256,776 | ---- | C] () -- C:\Documents and Settings\WMathurin\Desktop\111028133707_0001.pdf
[2011/10/26 07:53:08 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\WMathurin\My Documents\Drawing1.dwl2
[2011/10/26 07:53:08 | 000,000,066 | -H-- | C] () -- C:\Documents and Settings\WMathurin\My Documents\Drawing1.dwl
[2011/10/21 06:56:29 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_60382.nl_
[2011/10/20 15:28:34 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/10/20 15:17:48 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\WMathurin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/20 15:17:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/19 07:32:46 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/19 07:30:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1890169471
[2011/09/20 02:24:20 | 001,240,882 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1775233103-3616210004-254431072-1122-0.dat
[2011/09/20 02:24:19 | 000,403,762 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/12 08:51:03 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\WS_VideoConverterContextMenu.dll
[2011/04/22 16:05:03 | 002,000,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/22 11:12:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/31 14:52:22 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{ABB099BF-6CFD-D8ED-6976-00007E6DCDD4}
[2010/06/30 22:37:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lpng.dll
[2010/02/22 09:36:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/01/12 11:45:27 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/07/07 08:53:12 | 000,000,000 | ---- | C] () -- C:\Program Files\gditst
[2009/05/04 09:39:17 | 000,002,732 | ---- | C] () -- C:\Documents and Settings\WMathurin\Application Data\NMM-MetaData.db
[2008/07/30 09:27:46 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/03/20 10:05:29 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/03/20 10:05:21 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdduinst.exe
[2008/02/14 14:14:29 | 000,000,152 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/02/14 13:47:03 | 000,000,835 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/10/03 14:45:09 | 000,002,878 | ---- | C] () -- C:\Documents and Settings\WMathurin\Application Data\FUIPRESETS.INI
[2007/09/04 10:54:38 | 000,000,420 | ---- | C] () -- C:\WINDOWS\CDFACE32.INI
[2007/08/03 09:24:24 | 000,001,808 | ---- | C] () -- C:\WINDOWS\epanet2.ini
[2007/06/26 13:02:20 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/05/24 15:29:15 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/10 14:25:58 | 000,171,520 | ---- | C] () -- C:\Documents and Settings\WMathurin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/28 08:11:46 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/03/20 15:51:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/03/20 12:40:09 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2007/03/20 12:40:09 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe
[2007/03/20 07:58:54 | 000,002,387 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/03/20 07:42:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/03/19 11:39:13 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/03/19 09:20:41 | 000,000,598 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/17 14:36:10 | 048,324,552 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2007/03/17 13:57:22 | 000,001,018 | ---- | C] () -- C:\WINDOWS\LMAAW2DD.ini
[2007/03/17 13:40:59 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\WMathurin\Application Data\WorkingFolders.xml
[2007/03/17 12:03:21 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\WMathurin\Local Settings\Application Data\fusioncache.dat
[2007/03/16 16:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/03/02 12:18:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/03/02 12:16:06 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/02 11:55:15 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/03/02 11:55:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/03/02 11:54:30 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/28 14:38:26 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\HPDevEnm.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 001,650,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,507,380 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,090,048 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:23 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 23:00:16 | 000,042,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\imapi.sys
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/01/13 19:52:12 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[1998/10/19 13:44:50 | 000,184,832 | ---- | C] () -- C:\WINDOWS\System32\PONDS32h.dll
[1998/03/20 09:33:24 | 000,044,032 | ---- | C] () -- C:\WINDOWS\PONDS32_hh.dll

========== LOP Check ==========

[2008/11/19 12:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/09/19 14:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/01/12 11:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/12/28 16:28:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/22 09:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2007/05/24 15:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GeoVid
[2009/05/04 07:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/09/15 12:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/05/04 08:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/04/22 07:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/01/18 07:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/18 16:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\USDA
[2011/09/12 09:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2008/08/26 14:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\61soft
[2010/12/20 15:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Amazon
[2008/08/07 15:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Any Video Converter
[2011/09/19 14:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Autodesk
[2008/08/06 15:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Blackberry Desktop
[2010/06/18 13:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Canneverbe Limited
[2011/02/09 11:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Canon
[2007/06/26 07:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Downloaded Installations
[2011/10/31 06:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Dropbox
[2010/03/05 08:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\eMusic
[2008/10/21 14:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\FileZilla
[2010/02/22 09:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\G7PS
[2007/05/24 15:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\GeoVid
[2007/08/09 11:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\goplot
[2007/05/10 13:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Leadertech
[2011/03/16 14:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\MPEG Streamclip
[2009/05/04 09:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Nokia
[2009/05/04 08:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\PC Suite
[2011/04/22 07:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Research In Motion
[2011/10/20 08:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Sammsoft
[2010/09/07 14:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\UDC Profiles
[2008/05/15 10:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\webex
[2010/06/14 08:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\WinTR-55
[2011/09/12 08:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WMathurin\Application Data\Wondershare
[2011/10/31 07:46:35 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2011/11/01 00:00:39 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/08/15 14:52:25 | 000,093,620 | ---- | M] () -- C:\acadminidump.dmp
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/03/16 15:35:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/03/02 11:55:32 | 000,006,439 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/03/17 14:54:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/04/21 08:28:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/01 07:34:43 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/10/04 06:40:46 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/02/27 09:05:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/02/27 12:46:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/10/04 06:40:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/02/27 09:05:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/02/27 12:46:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2011/10/21 06:53:53 | 000,064,794 | ---- | M] () -- C:\TDSSKiller.2.6.12.0_21.10.2011_07.52.04_log.txt
[2011/10/21 07:54:36 | 000,064,258 | ---- | M] () -- C:\TDSSKiller.2.6.12.0_21.10.2011_08.53.33_log.txt
[2011/10/21 08:16:29 | 000,063,356 | ---- | M] () -- C:\TDSSKiller.2.6.12.0_21.10.2011_09.00.25_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/09/12 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPD81.DLL
[2006/09/12 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPP81.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/06/20 10:06:42 | 000,008,192 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\GoToPrintProcessor.dll
[2007/06/24 13:16:26 | 000,239,616 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp5hg.dll
[2008/04/08 17:35:24 | 000,241,152 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp5no.dll
[2008/09/29 22:27:24 | 000,084,480 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\lmdippr8.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >
[2011/09/06 08:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2011/10/20 15:28:34 | 000,001,152 | ---- | M] () -- C:\WINDOWS\system32\windrv.sys
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[2011/10/05 09:09:48 | 048,324,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\MRT.exe
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >
[2009/07/07 08:53:12 | 000,000,000 | ---- | M] () -- C:\Program Files\gditst

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 01:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 01:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 01:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 01:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 01:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 01:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] ()

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/29 01:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/29 01:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/29 01:53:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/29 01:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/29 01:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/29 01:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] ()
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] ()

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB10557$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\$NtUninstallKB54978$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\1890169471:2152552079.exe
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C918AC7F

< End of report >

OTL Extras logfile created on: 11/8/2011 8:04:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\WMathurin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 76.42% Memory free
4.84 Gb Paging File | 4.17 Gb Available in Paging File | 86.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 38.49 Gb Free Space | 25.84% Space Free | Partition Type: NTFS
Drive D: | 15.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive V: | 1.95 Gb Total Space | 1.94 Gb Free Space | 99.62% Space Free | Partition Type: FAT

Computer Name: WMATHURIN-WKSTN | User Name: wmathurin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE ()

[HKEY_USERS\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ()
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- ()
"C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" = C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe:*:Enabled:HP Printer Utility HPPURun -- (Hewlett-Packard Company)
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Mobiola Web Camera for BlackBerry\webcam.exe" = C:\Program Files\Mobiola Web Camera for BlackBerry\webcam.exe:*:Enabled:Mobiola Web Camera for BlackBerry executable module
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\WMathurin\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\WMathurin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Autodesk\AutoCAD Civil 3D 2012\AecCB.exe" = C:\Program Files\Autodesk\AutoCAD Civil 3D 2012\AecCB.exe:*:Enabled:Autodesk Content Browser -- (Autodesk, Inc.)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\Autodesk Shared\WSCommCntr3\lib\WSCommCntr3.exe" = C:\Program Files\Common Files\Autodesk Shared\WSCommCntr3\lib\WSCommCntr3.exe:*:Enabled:Autodesk InfoCenter -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\AutoCAD Civil 3D 2012\acad.exe" = C:\Program Files\Autodesk\AutoCAD Civil 3D 2012\acad.exe:*:Enabled:AutoCAD Application -- ()
"C:\Program Files\Google\Picasa3\PicasaUpdater.exe" = C:\Program Files\Google\Picasa3\PicasaUpdater.exe:*:Enabled:Picasa -- (Google Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe" = C:\Program Files\Hewlett-Packard\HP Printer Utility\HPPU.exe:*:Enabled:HP Printer Utility HPPURun -- (Hewlett-Packard Company)
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" = C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe:*:Enabled:Nokia Launch Application -- (Nokia)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\WMathurin\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\WMathurin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe" = C:\Program Files\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe:*:Enabled:HP Printer Utility Device Host -- (Hewlett-Packard Company)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:Userinit Logon Application -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{086026D0-B765-4C19-8654-43D0E110F5E5}" = VersaCheck Platinum 2010
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13950386-2040-4980-A463-A3701CB0BCB1}" = AutoCAD Civil 3D 2012 32 Bit Object Enabler on Autodesk Content Service - Language Neutral
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2CC4FA-EA3F-4F32-982E-A46FFFF4A679}" = PONDS 3.3 Application Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = HASP SRM Run-time
"{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}" = ATI Catalyst Control Center
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{5783F2D7-A000-0409-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012
"{5783F2D7-A000-0409-1002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 Language Pack - English
"{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
"{5AA9FA4B-1218-42D5-8950-C78095DE6273}" = HP Web Registration
"{5D2B5775-E9B7-40C4-B221-0982FAB01565}" = BlackBerry Device Manager 6.0.2
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD OD
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF47D65-DC5A-45E9-A029-297DE44D84CF}" = PipeLoad US v1-03
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71442FB1-FFA5-459B-B786-2902BD8EC86F}_is1" = PDF-XChange PDF Viewer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74D00AB6-C62F-4A45-A28F-E99EBDFD6769}" = PONDS 3.2 Application Suite
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CBC5F70-519C-403B-8388-6F0559FD687C}" = FAARFIELD
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A760067A-C07E-1033-0000-A764AC000007}" = Avery Template - U_0332_01_L
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}" = Microsoft Office Live Meeting 2007
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C89B6268-5E93-4E1F-B04B-2F573233C099}" = Autodesk Civil 3D - Civil Design Companion 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D68D2422-8A54-44A1-A76B-DA61244E6FEA}" = HP ICC Profiles
"{D7926497-E476-489B-B4E9-DBFCA45483A2}" = Autodesk® Storm and Sanitary Analysis 2012
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E896DA69-F993-440E-8515-EB197EFB284F}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F46B6BF8-93C8-456A-B97D-C2B41D4E9381}" = HP Printer Utility
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{FA305285-94AB-4163-A108-79E7F71FB416}" = AutoCAD Civil 3D 2012 32 Bit Object Enabler on Autodesk® Storm and Sanitary Analysis 2012 - Language Neutral
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Any Video Converter_is1" = Any Video Converter 2.6.2
"ARO 2011_is1" = ARO 2011
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AutoCAD Civil 3D 2012" = AutoCAD Civil 3D 2012
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Bink and Smacker" = Bink and Smacker
"BlackBerry_{5D2B5775-E9B7-40C4-B221-0982FAB01565}" = BlackBerry Device Manager 6.0.2
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Civil Essentials Express Tools Version 3_is1" = Steltman Software Civil Essentials Express Version 3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Corpscon" = Corpscon 6.0.1
"Coupon Printer for Windows1.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.7
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
"DWG TrueView 2010" = DWG TrueView 2010
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"EPANET 2.0" = EPANET 2.0
"GanttProject" = GanttProject
"Hardlock Device Driver" = Hardlock Device Driver
"Hardlock Device Drivers" = Hardlock Device Drivers
"HASP Device Drivers" = HASP Device Drivers
"HP Designjet T1100 Printer Series" = HP Designjet T1100 Printer Series
"Icpr3" = Icpr 3.10 Service Pack 7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Image Web Server IE Plugin" = Image Web Server IE Plugins 2,0,0,104
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neato CD Face" = Neato CD Face
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PDF Report Writer_is1" = PDF Report Writer (novaPDF 6.4 printer)
"Picasa 3" = Picasa 3
"SearchAssist" = SearchAssist
"Splotw32" = SPLOT32 Plotter Simulator
"SpyNoMore" = SpyNoMore 2.98
"ST6UNST #1" = Renamer
"ST6UNST #2" = Ledfaa13
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"VidLogo_is1" = VidLogo
"VLC media player" = VLC media player 1.1.9
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinTR-55 Small Watershed Hydrology_is1" = WinTR-55, Version 1.00.08
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.1.4.1)
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1775233103-3616210004-254431072-1122\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.1.4.1
"GoToMeeting" = GoToMeeting 4.5.0.457
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2011 2:37:15 PM | Computer Name = WMATHURIN-WKSTN | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 10/27/2011 2:47:27 PM | Computer Name = WMATHURIN-WKSTN | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 10/27/2011 4:08:21 PM | Computer Name = WMATHURIN-WKSTN | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 10/27/2011 4:35:15 PM | Computer Name = WMATHURIN-WKSTN | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x80072095). A directory service error has occurred. Enrollment
will not be performed.

Error - 10/27/2011 4:35:33 PM | Computer Name = WMATHURIN-WKSTN | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 10/27/2011 5:39:27 PM | Computer Name = WMATHURIN-WKSTN | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 10/27/2011 6:23:39 PM | Computer Name = WMATHURIN-WKSTN | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 10/27/2011 7:30:34 PM | Computer Name = WMATHURIN-WKSTN | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 10/27/2011 8:01:46 PM | Computer Name = WMATHURIN-WKSTN | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

Error - 10/27/2011 9:10:40 PM | Computer Name = WMATHURIN-WKSTN | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC protocol
sequence is not supported. ). Group Policy processing aborted.

[ System Events ]
Error - 11/8/2011 7:36:37 AM | Computer Name = WMATHURIN-WKSTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Error - 11/8/2011 7:46:37 AM | Computer Name = WMATHURIN-WKSTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Error - 11/8/2011 7:56:37 AM | Computer Name = WMATHURIN-WKSTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Error - 11/8/2011 8:06:37 AM | Computer Name = WMATHURIN-WKSTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Error - 11/8/2011 8:16:37 AM | Computer Name = WMATHURIN-WKSTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Error - 11/8/2011 8:26:37 AM | Computer Name = WMATHURIN-WKSTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Error - 11/8/2011 8:36:37 AM | Computer Name = WMATHURIN-WKSTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Error - 11/8/2011 8:46:37 AM | Computer Name = WMATHURIN-WKSTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Error - 11/8/2011 8:56:37 AM | Computer Name = WMATHURIN-WKSTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding

Error - 11/8/2011 9:06:37 AM | Computer Name = WMATHURIN-WKSTN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding


< End of report >

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-09 14:52:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160812AS rev.3.ADJ
Running: gmer.exe; Driver: C:\DOCUME~1\WMATHU~1\LOCALS~1\Temp\pwxiiuob.sys


---- System - GMER 1.0.15 ----

SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x804D7FCE]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FCE] ZwCreateKey [0x804D7FCE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteKey [0x804D7FD8]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FD8] ZwDeleteKey [0x804D7FD8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteValueKey [0x804D7FC9]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FC9] ZwDeleteValueKey [0x804D7FC9]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x804D7FDD]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FDD] ZwEnumerateKey [0x804D7FDD]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x804D7FE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FE2] ZwEnumerateValueKey [0x804D7FE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x804D7FF1]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FF1] ZwOpenKey [0x804D7FF1]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x804D7FEC]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FEC] ZwQueryKey [0x804D7FEC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryValueKey [0x804D7FE7]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FE7] ZwQueryValueKey [0x804D7FE7]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetValueKey [0x804D7FD3]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FD3] ZwSetValueKey [0x804D7FD3]

INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 804D7FFB
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A5D3216D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A5D31FC2

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA80A8A00]
.text C:\WINDOWS\system32\DRIVERS\aksfridge.sys section is writeable [0xA5958000, 0x444CF, 0xE0000020]
.init C:\WINDOWS\system32\DRIVERS\aksfridge.sys entry point in ".init" section [0xA59AB224]
.init C:\WINDOWS\system32\DRIVERS\aksfridge.sys unknown last code section [0xA59AB000, 0x7000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA5885400, 0x87EE2, 0xE8000020]
.protect C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect" section [0xA5929620]
.protect C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA5929400, 0x5126, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+a aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk1\DR9 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device \Driver\00000624 \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 8AF4C140

---- Files - GMER 1.0.15 ----

ADS C:\WINDOWS\1890169471:2152552079.exe 816 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\$NtUninstallKB10557$\2142415216 0 bytes
File C:\WINDOWS\$NtUninstallKB10557$\2142415216\L 0 bytes
File C:\WINDOWS\$NtUninstallKB10557$\2142415216\U 0 bytes
File C:\WINDOWS\$NtUninstallKB10557$\3581658275 0 bytes
File C:\WINDOWS\$NtUninstallKB54978$\1551354422 0 bytes
File C:\WINDOWS\$NtUninstallKB54978$\2142415216 0 bytes
File C:\WINDOWS\$NtUninstallKB54978$\2142415216\L 0 bytes
File C:\WINDOWS\$NtUninstallKB54978$\2142415216\U 0 bytes

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\1890169471:2152552079.exe [MANUAL] 7fb2a970 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
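Added example (editor's code, not part of this thread and not a feature of OTL or GMER): a small Python triage script that reads two of the log sections above, the firewall AuthorizedApplications list and GMER's Files and Services sections, and pulls out the two things a responder checks first in a log like this: core Windows logon/shell binaries that have been granted an enabled firewall exception, and any alternate data stream GMER reported that is also registered as a service image. The sample log inside it is constructed from fragments of the logs posted in this thread; the set of binaries it flags and the regular expressions are this example's own assumptions about the log format.

```python
import re

# Constructed sample modelled on two sections of the logs posted in this
# thread: the OTL firewall "AuthorizedApplications" dump and the GMER
# "Files"/"Services" sections. Not the full logs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:Userinit Logon Application -- (Microsoft Corporation)

---- Files - GMER 1.0.15 ----

ADS C:\WINDOWS\1890169471:2152552079.exe 816 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\$NtUninstallKB10557$\2142415216\L 0 bytes

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\1890169471:2152552079.exe [MANUAL] 7fb2a970 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

# Logon/shell binaries that never need an outbound firewall exception of
# their own; which names to flag is this example's own choice (assumption).
SYSTEM_BINARIES = {"explorer.exe", "userinit.exe", "winlogon.exe",
                   "lsass.exe", "csrss.exe", "services.exe", "smss.exe"}

PROFILE_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+)\\AuthorizedApplications\\List\]")
RULE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?):\*:(Enabled|Disabled):')

def firewall_exceptions(text):
    """Return (profile, path, state) for every authorized-application entry."""
    entries, profile = [], None
    for line in text.splitlines():
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group(1)      # DomainProfile / StandardProfile
            continue
        m = RULE_RE.match(line)
        if m and profile:
            entries.append((profile, m.group(1), m.group(3)))
    return entries

def flag_system_binaries(entries):
    """Enabled exceptions whose image is a core Windows logon/shell binary."""
    return [e for e in entries
            if e[2].lower() == "enabled"
            and e[1].rsplit("\\", 1)[-1].lower() in SYSTEM_BINARIES]

SECTION_RE = re.compile(r"^---- (\w+) - GMER")
# "ADS <host>:<stream> <size> bytes ..." where host is a normal path.
ADS_RE = re.compile(r"^ADS\s+(?P<host>[A-Za-z]:\\\S+?):(?P<stream>\S+)\s+(?P<size>\d+) bytes")
SERVICE_RE = re.compile(r"^Service\s+(?P<image>\S+)\s+\[(?P<start>\w+)\]")

def gmer_sections(text):
    """Group the body of a GMER report by its '---- Name - GMER ----' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections

def gmer_ads_findings(text):
    """Alternate data streams GMER reported, joined with the Services section:
    an ADS that is also a service image path is the finding to act on first."""
    sections = gmer_sections(text)
    services = {}
    for line in sections.get("Services", []):
        m = SERVICE_RE.match(line)
        if m:
            services[m["image"].lower()] = m["start"]
    findings = []
    for line in sections.get("Files", []):
        m = ADS_RE.match(line)
        if not m:
            continue
        full = f"{m['host']}:{m['stream']}"
        findings.append({
            "host": m["host"], "stream": m["stream"], "size": int(m["size"]),
            "gmer_flagged": "ROOTKIT" in line,
            "service_start": services.get(full.lower()),  # None if not a service
        })
    return findings

if __name__ == "__main__":
    for f in gmer_ads_findings(SAMPLE_LOG):
        print("ADS registered as service:", f)
    for prof, path, state in flag_system_binaries(firewall_exceptions(SAMPLE_LOG)):
        print("REVIEW firewall exception:", prof, path, state)
```

Joining the ADS path to the Services section is the point: an executable stored as a stream of a directory and started as a service is the persistence the later cleanup steps target, and run over a clean log both functions return empty lists. Firewall exceptions for explorer.exe or userinit.exe are not proof of anything on their own, but they are exactly the entries a helper asks about, since neither binary needs one.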

#6 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:04:31 PM

Posted 09 November 2011 - 06:16 PM

Hello, spurs21stx.
Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.




Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Please download DummyCreator.zip and unzip it.
  • Run the tool.
  • Copy and paste the following into the edit box:

    C:\WINDOWS\1890169471
  • Press Create button and post the content of the Result.txt.

    Important: Restart the computer.



Step 2

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:04:31 PM

Posted 12 November 2011 - 07:11 AM

still with me?




#8 spurs21stx
  • Topic Starter
  • Members
  • 18 posts
  • Local time:03:31 PM

Posted 12 November 2011 - 01:11 PM

Sorry for the delay, just trying to decide which direction to go...is reformatting a 100% secure fix once it is done? I know you said removal will not equal 100% secure machine because of the backdoor compromise.

#9 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:04:31 PM

Posted 13 November 2011 - 07:26 AM

Reformatting is the only way to be 100% sure you are starting with a clean, uninfected machine. We can be fairly sure if we clean it, just not 100% sure. Of course, once you plug into the internet, that 100% is no longer true. There's always a chance of infection.




#10 spurs21stx


Posted 14 November 2011 - 02:46 PM

Etavares,

I decided to move forward with the removal. Here is what I came up with on the logs you wanted. Not sure if they ran like they should have, thanks.

DummyCreator by Farbar
Ran by wmathurin (administrator) on 14-11-2011 at 12:21:28
**************************************************************

C:\WINDOWS\1890169471 not found
== End of log ==

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\System Volume Information: Access is denied.
Failed to open \\?\c:\\Program Files\Autodesk\AutoCAD Civil 3D 2012\acad.exe: Access is denied.
Failed to open \\?\c:\\Program Files\Common Files\InstallShield\UpdateService\agent.exe: Access is denied.

\\?\c:\\Program Files\Evernote\Evernote3.5: JUNCTION
Substitute Name: C:\Program Files\Evernote\Evernote

Failed to open \\?\c:\\Program Files\Internet Explorer\iexplore.exe: Access is denied.
Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.
Failed to open \\?\c:\\Program Files\McAfee\VirusScan\mcods.exe: Access is denied.
Failed to open \\?\c:\\Program Files\McAfee\VirusScan\Mcshield.exe: Access is denied.
Failed to open \\?\c:\\WINDOWS\$NtUninstallKB10557$: Access is denied.
Failed to open \\?\c:\\WINDOWS\$NtUninstallKB54978$: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop.ini: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492

\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5
Substitute Name: C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5

Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.

#11 etavares


Posted 15 November 2011 - 06:33 AM

OK, please re-run Dummy Creator as before...it didn't properly complete so the virus is still active.




#12 spurs21stx


Posted 15 November 2011 - 08:50 AM

I re-ran Dummy Creator as you asked, here is the log.

DummyCreator by Farbar
Ran by WMathurin (administrator) on 15-11-2011 at 08:48:03
**************************************************************

C:\WINDOWS\1890169471 [15-11-2011 08:48:03]

== End of log ==

#13 etavares


Posted 16 November 2011 - 06:17 AM

Hello, spurs21stx.

It worked that time. Let's clean house.



Step 1

For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

c:\Program Files\Autodesk\AutoCAD Civil 3D 2012\acad.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
c:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\McAfee\VirusScan\mcods.exe
c:\Program Files\McAfee\VirusScan\Mcshield.exe
c:\WINDOWS\$NtUninstallKB10557$
c:\WINDOWS\$NtUninstallKB54978$
c:\WINDOWS\assembly\GAC_MSIL\Desktop.ini
c:\WINDOWS\system32\MRT.exe


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.



Step 2



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


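The junction -s log requested earlier in the thread and the GrantPerms list built from it in Step 1 are connected by one piece of reading: every "Access is denied" on a security tool's executable (mbam.exe, Mcshield.exe, MRT.exe, iexplore.exe) is a file the infection has locked down by ACL, and every JUNCTION entry is a reparse point worth checking against its target. The following parser is an added example, not part of this thread or of the Sysinternals or Farbar tools; the sample log is constructed to mirror the posted one, and the baseline exclusion of System Volume Information (SYSTEM-only ACL on a stock XP install) is an assumption made here so that normal denials do not end up on the unlock list.

```python
import re
from typing import Dict, List

# Constructed sample: mirrors the "junction -s c:\" output posted in this thread,
# including the progress dots junction prints, some fused onto the next line.
SAMPLE_LOG = r"""
Junction v1.06 - Windows junction creator and reparse point viewer

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
Failed to open \\?\c:\\System Volume Information: Access is denied.
...
Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.
..\\?\c:\\Program Files\Evernote\Evernote3.5: JUNCTION
Substitute Name: C:\Program Files\Evernote\Evernote
.
Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.
"""

EXT_PREFIX = "\\\\?\\"   # extended-length prefix junction prints before each path
FAILED_RE = re.compile(r"^Failed to open (?P<path>.+?): (?P<reason>.+)$")
JUNCTION_RE = re.compile(r"^(?P<path>.+?): JUNCTION$")
# Assumed baseline: denied on a stock XP install, so not evidence of tampering.
BASELINE_DENIED = {"c:\\System Volume Information"}

def normalize(raw: str) -> str:
    """Strip the \\?\ prefix and the doubled backslash after the drive letter."""
    p = raw[len(EXT_PREFIX):] if raw.startswith(EXT_PREFIX) else raw
    return p.replace(":\\\\", ":\\", 1)

def parse_junction_log(text: str) -> Dict[str, List]:
    denied, other, junctions = [], [], []
    current = None                      # junction whose target lines follow
    for line in text.splitlines():
        line = line.lstrip(".").strip()  # drop fused progress dots
        if not line:
            current = None
            continue
        m = FAILED_RE.match(line)
        if m:
            path = normalize(m.group("path"))
            (denied if m.group("reason") == "Access is denied." else other).append(path)
            current = None
            continue
        m = JUNCTION_RE.match(line)
        if m:
            current = normalize(m.group("path"))
            junctions.append([current, None])
            continue
        if current and line.startswith("Substitute Name:"):
            junctions[-1][1] = line.split(":", 1)[1].strip()
    return {"denied": denied, "other_failures": other,
            "junctions": [tuple(j) for j in junctions]}

def grantperms_list(text: str) -> List[str]:
    """Access-denied paths minus the baseline: the candidates for GrantPerms review."""
    return [p for p in parse_junction_log(text)["denied"] if p not in BASELINE_DENIED]
```

Pipe the real log.txt through parse_junction_log and compare the JUNCTION targets against the expected WinSxS or vendor locations before unlocking anything; a denial on a sharing violation (pagefile.sys) is reported separately because it is not an ACL problem.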


#14 etavares


Posted 19 November 2011 - 08:17 AM

Still with me?




#15 spurs21stx


Posted 20 November 2011 - 06:35 PM

Yes, still here...sorry for the delays, I will try what you said and get back to you, hopefully tomorrow, latest Tuesday.



