need help cleaning win7x64


  • This topic is locked
26 replies to this topic

#1 gjutras

Posted 27 March 2012 - 12:09 PM

Hi, I think I've mostly cleaned out the problem, but I'm still getting popups trying to go to a web site with an obfuscated querystring to a proxy that doesn't exist anymore. I'm running Windows 7 x64. I've tried running combofix and spybot s&d and malwarebytes antimalware and ad aware se and the eset online scanner. None of the antimalware is showing anything. I'm posting the dds logs and my combofix logs.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_22
Run by gary.jutras at 12:46:19 on 2012-03-27
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.7090.2493 [GMT -4:00]
.
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\SafeBoot\SbClientManager.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\avs\bin\avagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\dllhost.exe
C:\Program Files (x86)\Quest Software\Toad for Data Analysts 2.7\SQLLIB\BIN\db2mgmtsvc.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe
C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.R2\MSSQL\Binn\sqlservr.exe
C:\oracle\product\11.2.0\client_1\bin\omtsreco.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft BizTalk\RuleEngineUpdateService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
C:\Program Files (x86)\Verdiem\SurveyorSD\bin\SurveyorSession.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Enterprise Single Sign-On\ENTSSO.exe
C:\Windows\system32\mqtgsvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\NotificationServices\9.0.242\bin\NSService.exe
C:\Windows\SysWOW64\CCM\CcmExec.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe
C:\Program Files\NirSoft\VoluMouse\volumouse.exe
C:\Program Files (x86)\FeedDemon\FeedDemon.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft BizTalk Server 2010\BTSNTSvc.exe
C:\Program Files (x86)\Ditto\Ditto.exe
C:\Program Files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5w.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\avs\bin\avscc.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe
C:\Program Files (x86)\SafeBoot\SbTokWatch.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.R2\MSSQL\Binn\fdlauncher.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.R2\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\PROGRA~2\MICROS~2\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe
C:\Windows\System32\mstsc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\explorer.exe
K:\packages\Ad-Aware\GMER.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://Pulse
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
BHO: Microsoft Web Test Recorder Helper: {62355041-605d-4469-84fd-5d66ed67a7e3} - C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.5.0_22\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Microsoft Web Test Recorder 9.0 Helper: {e31ce47f-c268-41ba-897b-b415e613947d} - C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Volumouse32] "C:\Program Files (x86)\NirSoft\VoluMouse\volumouse.exe" /nodlg
uRun: [Volumouse] "C:\Program Files\NirSoft\VoluMouse\volumouse.exe" /nodlg
uRun: [FeedDemon] "C:\Program Files (x86)\FeedDemon\FeedDemon.exe" /startminimized
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SansaDispatch] C:\Users\gary.jutras\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe
uRun: [Push Client] "C:\Users\gary.jutras\AppData\Local\ATT Connect\Participant\pull.exe"
uRun: [ApacheTomcatMonitor5.5_Tomcat5] "C:\Program Files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5w.exe" //MS//Tomcat5
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [MusicManager] "C:\Users\gary.jutras\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
mRun: [SafeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"
mRun: [SafeBootTokenWatcher] "C:\Program Files (x86)\SafeBoot\SbTokWatch.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SurveyorSession] C:\Program Files (x86)\Verdiem\SurveyorSD\bin\SurveyorSession.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\GARY~2.JUT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\gary.jutras\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\GARY~2.JUT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
StartupFolder: C:\Users\GARY~2.JUT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\client.lnk - C:\Program Files (x86)\avs\bin\avscc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SQLPRO~1.LNK - C:\Program Files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico
uPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
mPolicies-explorer: NoStartMenuEjectPC = 0 (0x0)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE15~1.0_2\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: compliancewire.com
Trusted Zone: covidien.com
Trusted Zone: kaplanwire.com
Trusted Zone: knowledgewire.com
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\www
Trusted Zone: tamans-it08v
Trusted Zone: TAMANS-SM02
Trusted Zone: thcg.net\TAMANS-SM02
Trusted Zone: na-applications
DPF: Web-Based Email Tools - hxxp://email05.secureserver.net/Download.CAB
DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} - hxxp://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://tamans-it08v:8080/qcbin/Spider91.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
DPF: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://btc.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://dr-remote.covidien.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 10.0.202.107 10.0.202.108 10.0.202.109
TCP: Interfaces\{2130A9D8-234E-4ECC-947F-7C161C30F219} : NameServer = 10.0.202.108,10.0.202.107
TCP: Interfaces\{3D46210D-D2B5-4F53-91C6-DDF493DDBB4E} : DhcpNameServer = 10.0.202.107 10.0.202.108 10.0.202.109
TCP: Interfaces\{E2FA8AA3-3100-4A5E-A1BE-BED1E8742C55}\84F6C69646169794E6E6 : DhcpNameServer = 192.168.27.1
TCP: Interfaces\{E2FA8AA3-3100-4A5E-A1BE-BED1E8742C55}\A65747271637E2E65647 : DhcpNameServer = 68.87.71.230 68.87.73.246
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files (x86)\Quest Software\Toad for Oracle 10.6\RNetPin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO-X64: HP ProtectTools Security Manager Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
BHO-X64: HP ProtectTools Security Manager Extension - No File
BHO-X64: Microsoft Web Test Recorder Helper: {62355041-605D-4469-84FD-5D66ED67A7E3} - C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_22\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: Microsoft Web Test Recorder 9.0 Helper: {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [SafeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"
mRun-x64: [SafeBootTokenWatcher] "C:\Program Files (x86)\SafeBoot\SbTokWatch.exe"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NUSB3MON] "c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SurveyorSession] C:\Program Files (x86)\Verdiem\SurveyorSD\bin\SurveyorSession.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\gary.jutras\AppData\Roaming\Mozilla\Firefox\Profiles\92ip19u4.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61636
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\components\dpffcli.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SBAlg;SBAlg;C:\Windows\System32\drivers\SbAlg.sys [2009-8-14 60128]
R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2008-12-9 15616]
R1 RsvLock;RsvLock;C:\Windows\System32\drivers\RsvLock.sys [2008-12-9 58112]
R1 SbFlop;SbFlop;C:\Windows\System32\drivers\SbFlop.sys [2008-12-9 23296]
R1 SbRegFlt;SbRegFlt;C:\Windows\System32\drivers\SbRegFlt.sys [2008-12-9 13368]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-25 89600]
R2 avbackup;Backup Agent;C:\Program Files\avs\bin\avagent.exe [2012-2-9 8008248]
R2 BTSSvc$BizTalkServerApplication;BizTalk Service BizTalk Group : BizTalkServerApplication;C:\Program Files (x86)\Microsoft BizTalk Server 2010\BTSNTSvc.exe [2010-7-31 47952]
R2 DB2MGMTSVC_TACOM27;DB2 Management Service (TACOM27);C:\Program Files (x86)\Quest Software\Toad for Data Analysts 2.7\SQLLIB\BIN\db2mgmtsvc.exe [2010-5-15 37736]
R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-6-15 1498224]
R2 ENTSSO;Enterprise Single Sign-On Service;C:\Program Files\Common Files\Enterprise Single Sign-On\ENTSSO.exe [2010-7-31 93520]
R2 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-11-1 39840]
R2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-3-16 36864]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-3-20 2152152]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-8-25 20792]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-11-15 132672]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R2 MSSQL$R2;SQL Server (R2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.R2\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]
R2 NS$BAMAlerts;NS$BAMAlerts;c:\Program Files (x86)\Microsoft SQL Server\90\NotificationServices\9.0.242\bin\NSService.exe "BAMAlerts" --> c:\Program Files (x86)\Microsoft SQL Server\90\NotificationServices\9.0.242\bin\NSService.exe BAMAlerts [?]
R2 RuleEngineUpdateService;Rule Engine Update Service;C:\Program Files (x86)\Common Files\Microsoft BizTalk\RuleEngineUpdateService.exe [2010-7-31 34672]
R2 SafeBootClientManager;SafeBoot Client Manager;C:\Program Files (x86)\SafeBoot\SbClientManager.exe [2008-12-9 380988]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-17 378984]
R2 SurveyorSD;Verdiem Surveyor Client;C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSD.exe [2009-11-2 2225480]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-17 2320920]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-6-17 228408]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 FirehkMP;FirehkMP;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 HIPK;McAfee Inc. HIPK;C:\Windows\system32\drivers\HIPK.sys --> C:\Windows\system32\drivers\HIPK.sys [?]
R3 HIPPSK;McAfee Inc. HIPPSK;C:\Windows\system32\drivers\HIPPSK.sys --> C:\Windows\system32\drivers\HIPPSK.sys [?]
R3 HIPQK;McAfee Inc. HIPQK;C:\Windows\system32\drivers\HIPQK.sys --> C:\Windows\system32\drivers\HIPQK.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-3-27 17152]
R3 MSSQLFDLauncher$R2;SQL Full-text Filter Daemon Launcher (R2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.R2\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 rismcx64;RICOH Smart Card Reader;C:\Windows\system32\DRIVERS\rismcx64.sys --> C:\Windows\system32\DRIVERS\rismcx64.sys [?]
S2 BMFMySQL;BMFMySQL;C:\ProgramData\Quest Software\BMF\Repository\MySQL\bin\mysqld-max-nt.exe [2005-10-22 4431872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FMAuditAgent;FMAudit Agent;C:\Program Files\FMAudit, LLC\FMAudit Agent\fmaagent.exe [2009-11-2 294912]
S2 Synergy Server;Synergy Server;C:\Program Files\Synergy\synergys.exe [2011-10-30 912384]
S2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-18 1664304]
S3 ANTS Memory Profiler 5 Service;ANTS Memory Profiler 5 Service;C:\Program Files\Red Gate\ANTS Memory Profiler 5\RedGate.Memory.IISService.exe [2010-7-15 8704]
S3 ANTS Performance Profiler 5 Service;ANTS Performance Profiler 5 Service;C:\Program Files\Red Gate\ANTS Performance Profiler 5\RedGate.Profiler.IISService.exe [2010-7-15 9728]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe [2011-5-18 68096]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2011-9-2 15768]
S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv64.sys --> C:\Windows\system32\DRIVERS\DAMDrv64.sys [?]
S3 Firehk;McAfee NDIS Intermediate Filter;C:\Windows\system32\DRIVERS\firehk.sys --> C:\Windows\system32\DRIVERS\firehk.sys [?]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2009-12-7 362040]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MsDtsServer;SQL Server Integration Services;C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2011-3-25 202592]
S3 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784]
S3 MSOLAP$R2;SQL Server Analysis Services (R2);C:\Program Files\Microsoft SQL Server\MSAS10_50.R2\OLAP\bin\msmdsrv.exe [2011-6-17 54791520]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ReportServer$R2;SQL Server Reporting Services (R2);C:\Program Files\Microsoft SQL Server\MSRS10_50.R2\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-3-25 13664]
S3 SQLAgent$R2;SQL Server Agent (R2);C:\Program Files\Microsoft SQL Server\MSSQL10_50.R2\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
S3 SSBExternalActivator;Service Broker External Activator;C:\Program Files (x86)\Service Broker\External Activator\Bin\ssbeas.exe [2010-4-3 141152]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 Tomcat5;Apache Tomcat 5.5 Tomcat5;C:\Program Files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5.exe [2011-9-18 74752]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-9-4 71024]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2012-03-27 15:53:12 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-27 15:52:26 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-03-27 15:51:29 200704 ----a-w- C:\Windows\SafeBoot.scr
2012-03-27 14:23:42 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-03-27 14:06:00 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-27 14:02:28 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-03-27 13:37:18 47080 ----a-w- C:\Windows\System32\HIPIS0e011b5.dll
2012-03-27 13:37:18 40328 ----a-w- C:\Windows\SysWow64\HIPIS0e011b5.dll
2012-03-26 20:58:26 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-26 20:58:16 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-26 20:58:16 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-26 20:58:16 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-26 20:58:03 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-26 20:58:03 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-26 20:35:54 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-26 20:35:54 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-26 20:35:54 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-26 20:35:53 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-26 20:35:53 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-25 22:48:49 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-21 19:51:57 -------- d-----w- C:\Users\gary.jutras\AppData\Roaming\Safer Networking
2012-03-21 19:51:41 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-03-21 19:41:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-21 19:41:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-21 14:57:18 -------- d-----w- C:\Users\gary.jutras\AppData\Roaming\Malwarebytes
2012-03-21 14:57:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-21 14:57:09 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-21 14:57:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-21 14:47:15 -------- d-----w- C:\Program Files (x86)\947E3
2012-03-21 14:47:04 -------- d-----w- C:\Users\gary.jutras\AppData\Roaming\72A94
2012-03-20 12:55:06 930160 ----a-w- C:\Windows\System32\ccmcore.dll
2012-03-20 12:55:06 26464 ----a-w- C:\Windows\System32\xprslib.dll
2012-03-20 12:54:15 -------- d-----w- C:\Windows\ms
2012-03-09 14:22:09 -------- d-----w- C:\Users\gary.jutras\AppData\Local\PasswordSafe
2012-03-08 16:11:49 -------- d-----w- C:\Program Files\iPod
2012-03-08 16:11:48 -------- d-----w- C:\Program Files\iTunes
2012-03-08 16:11:48 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-03-08 03:49:06 143008 ----a-w- C:\Windows\SysWow64\KevlarSigs.dll
2012-02-17 20:09:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-26 17:14:56 729677 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Italian.scr
2012-01-26 17:14:56 729677 ----a-w- C:\Windows\System32\CovCorpScreensaver-Italian.scr
2012-01-26 17:14:26 731738 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Turkish.scr
2012-01-26 17:14:26 731738 ----a-w- C:\Windows\System32\CovCorpScreensaver-Turkish.scr
2012-01-26 17:13:12 763578 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Thai.scr
2012-01-26 17:13:12 763578 ----a-w- C:\Windows\System32\CovCorpScreensaver-Thai.scr
2012-01-17 13:04:16 760073 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Korean.scr
2012-01-17 13:04:16 760073 ----a-w- C:\Windows\System32\CovCorpScreensaver-Korean.scr
2012-01-17 13:02:48 765726 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Japanese.scr
2012-01-17 13:02:48 765726 ----a-w- C:\Windows\System32\CovCorpScreensaver-Japanese.scr
2012-01-13 20:33:20 767208 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-ChineseTraditional.scr
2012-01-13 20:33:20 767208 ----a-w- C:\Windows\System32\CovCorpScreensaver-ChineseTraditional.scr
2012-01-12 18:57:58 730945 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-SpanishLATAM.scr
2012-01-12 18:57:58 730945 ----a-w- C:\Windows\System32\CovCorpScreensaver-SpanishLATAM.scr
2012-01-12 18:55:54 730434 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-SpanishEurope.scr
2012-01-12 18:55:54 730434 ----a-w- C:\Windows\System32\CovCorpScreensaver-SpanishEurope.scr
2012-01-12 18:55:24 762740 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-ChineseSimplified.scr
2012-01-12 18:55:24 762740 ----a-w- C:\Windows\System32\CovCorpScreensaver-ChineseSimplified.scr
2012-01-12 18:54:54 733165 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Russian.scr
2012-01-12 18:54:54 733165 ----a-w- C:\Windows\System32\CovCorpScreensaver-Russian.scr
2012-01-12 18:54:24 730967 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-PortugueseEurope.scr
2012-01-12 18:54:24 730967 ----a-w- C:\Windows\System32\CovCorpScreensaver-PortugueseEurope.scr
2012-01-12 18:53:10 730909 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-PortugueseBrazil.scr
2012-01-12 18:53:10 730909 ----a-w- C:\Windows\System32\CovCorpScreensaver-PortugueseBrazil.scr
2012-01-12 18:52:38 731597 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Polish.scr
2012-01-12 18:52:38 731597 ----a-w- C:\Windows\System32\CovCorpScreensaver-Polish.scr
2012-01-12 18:52:14 731045 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Malay.scr
2012-01-12 18:52:14 731045 ----a-w- C:\Windows\System32\CovCorpScreensaver-Malay.scr
2012-01-12 18:51:40 731154 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Hungarian.scr
2012-01-12 18:51:40 731154 ----a-w- C:\Windows\System32\CovCorpScreensaver-Hungarian.scr
2012-01-12 18:51:02 732075 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-German.scr
2012-01-12 18:51:02 732075 ----a-w- C:\Windows\System32\CovCorpScreensaver-German.scr
2012-01-12 18:50:30 732289 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Greek.scr
2012-01-12 18:50:30 732289 ----a-w- C:\Windows\System32\CovCorpScreensaver-Greek.scr
2012-01-12 18:50:06 730338 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-FrenchEurope.scr
2012-01-12 18:50:06 730338 ----a-w- C:\Windows\System32\CovCorpScreensaver-FrenchEurope.scr
2012-01-12 18:48:58 730309 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-FrenchCanadian.scr
2012-01-12 18:48:58 730309 ----a-w- C:\Windows\System32\CovCorpScreensaver-FrenchCanadian.scr
2012-01-12 18:47:04 730318 ----a-w- C:\Windows\SysWow64\CovCorpScreensaver-Dutch.scr
2012-01-12 18:47:04 730318 ----a-w- C:\Windows\System32\CovCorpScreensaver-Dutch.scr
2012-01-12 18:44:30 731140 ----a-w- C:\Windows\SysWow64\CovCorpScreenSaver-Danish.scr
2012-01-12 18:44:30 731140 ----a-w- C:\Windows\System32\CovCorpScreenSaver-Danish.scr
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 12:47:11.72 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2010 5:55:21 PM
System Uptime: 3/27/2012 11:49:04 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1521
Processor: Intel® Core™ i7 CPU M 620 @ 2.67GHz | CPU 1 | 2667/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 99.607 GiB free.
D: is CDROM ()
E: is CDROM ()
K: is FIXED (NTFS) - 466 GiB total, 197.875 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&1C86EF2&0&6C8336A29A09_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{936DA01F-9ABD-4D9D-80C7-02AF85C822A8}_VID&0001000F_PID&0000\8&1C86EF2&0&6C8336A29A09_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&1C86EF2&0&6C8336A29A09_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&1C86EF2&0&6C8336A29A09_C00000000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Shrew Soft Virtual Adapter
Device ID: ROOT\VNET\0000
Manufacturer: Shrew Soft
Name: Shrew Soft Virtual Adapter
PNP Device ID: ROOT\VNET\0000
Service: vnet
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&1C86EF2&0&6C8336A29A09_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{453994D5-D58B-96F9-6616-B37F586BA2EC}_VID&0001000F_PID&0000\8&1C86EF2&0&6C8336A29A09_C00000000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&266CD0B8&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&266CD0B8&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP370: 3/27/2012 12:15:53 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
ABC Amber ePub Converter
ABC Amber Palm Converter
AC3Filter 1.63b
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced Diary v3.0
AHV content for Acrobat and Flash
Amazon Kindle
Android SDK Tools
Apache CouchDB 1.0.2
Apache HTTP Server 2.2.3
Apple Application Support
Apple Software Update
Aspose.Cells
AT&T Connect Participant Application v9.0.82
AWS SDK for .NET
Balsamiq Mockups For Desktop
Benchmark Factory for Databases
Beyond Compare Version 3.2.2
Bing Bar
calibre
Cheat Engine 5.4
ClipX
Configuration Manager Client
Cozi Outlook Toolbar
Crystal Reports 2008 Runtime SP2
Crystal Reports Basic for Visual Studio 2008
Crystal Reports for Visual Studio
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Ditto 3.17.0.17
DivX Setup
Dotfuscator Software Services - Community Edition
DreamCoder for Oracle 6.0
Dropbox
Electric Mobile Simulator version v1.0 (Beta)
Epson Event Manager
EPSON Scan
EpsonNet Print
EpsonNet Setup
Erlang OTP R14B02 (5.8.3)
ESET Online Scanner v3
Family Tree Maker 2011
FeedDemon
Fiddler2
FrontRangeOutlookAddIn
FRSAutoDeployPreReqSetup
GDR 5057 for SQL Server Analysis Services 2005 ENU (KB2494120)
GDR 5057 for SQL Server Database Services 2005 ENU (KB2494120)
GDR 5057 for SQL Server Integration Services 2005 ENU (KB2494120)
GDR 5057 for SQL Server Notification Services 2005 ENU (KB2494120)
GDR 5057 for SQL Server Reporting Services 2005 ENU (KB2494120)
GDR 5057 for SQL Server Tools and Workstation Components 2005 ENU (KB2494120)
GlassFish Server Open Source Edition 3.0.1
Google Chrome
Handbrake 0.9.4
Helium Music Manager 8 (build 9840)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2522890)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2565057)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973)
Hotfix for Microsoft Visual Studio Team Explorer 2010 - ENU (KB2522890)
Hotfix for Microsoft Visual Studio Team Explorer 2010 - ENU (KB2548139)
Hotfix for Microsoft Visual Studio Team Explorer 2010 - ENU (KB2635973)
Hotfix for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB2465361)
Hotfix for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB2538241)
Hotfix for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB971092)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP ESU for Microsoft Windows 7
HP Performance Advisor
HP Quick Launch Buttons
HP Webcam
HP Webcam Driver
IDT Audio
ImgBurn
Intel® Management Engine Components
InterVideo Register Manager
InterVideo WinDVD
iPubsoft Kindle DRM Removal build(2.1.0)
J2SE Development Kit 5.0 Update 22
J2SE Development Kit 5.0 Update 7
J2SE Runtime Environment 5.0 Update 22
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment Standard Edition v1.3.1_20
Java 2 Runtime Environment, SE v1.4.2_19
Java 2 SDK Standard Edition v1.2.2_017
Java 2 SDK Standard Edition v1.3.1_20
Java 2 SDK, SE v1.4.2_19
Java™ SE Development Kit 6 Update 22
Java™ SE Development Kit 6 Update 24
JetBrains ReSharper 6.1
JGsoft RegexBuddy 3 v.3.1.0
Juniper Networks Network Connect 7.1.0
Juniper Networks, Inc. Setup Client
Knowledge Xpert
Knowledge Xpert for Oracle Administration
Knowledge Xpert for PLSQL
Knowledge Xpert Oracle Common
Logitech High Quality Video
Macromedia JRun 4
Magic File Renamer 6.12 Professional Edition
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Agent
McAfee Host Intrusion Prevention
McAfee VirusScan Enterprise
Meeting Manager for Internet Explorer
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1 Hotfix (KB891865)
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft BizTalk Adapter Pack
Microsoft BizTalk Adapters for Enterprise Applications
Microsoft BizTalk Server 2010 Developer Edition
Microsoft BizTalk Server Setup Support Files
Microsoft Chart Controls Add-on for Microsoft Visual Studio 2008
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Connector 1.1 for SAP BW
Microsoft Document Explorer 2005
Microsoft Document Explorer 2008
Microsoft Enterprise Single Sign-On
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 4
Microsoft Expression Encoder 4 Pro
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Communicator 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer 2010
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office SharePoint Designer MUI (English) 2010
Microsoft Office Sounds
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft OLE DB Provider for DB2
Microsoft Primary Interoperability Assemblies 2005
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Snapshot Viewer Application
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Books Online (English) (September 2007)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Notification Services
Microsoft SQL Server 2005 Reporting Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008 R2 ADOMD.NET
Microsoft SQL Server 2008 R2 Books Online
Microsoft SQL Server 2008 R2 Command Line Utilities
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 Report Builder 3.0
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 R2 Upgrade Advisor
Microsoft SQL Server Analysis Management Objects
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Team Foundation Server 2008 Power Tools - October 2008
Microsoft Team Foundation Server 2010 Power Tools
Microsoft Team Foundation Server Power Tools
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601)
Microsoft Visual Studio 2005 Team Explorer - ENU
Microsoft Visual Studio 2005 Team Explorer - ENU Service Pack 1 (KB926601)
Microsoft Visual Studio 2005 Team Suite - ENU
Microsoft Visual Studio 2005 Team Suite - ENU Service Pack 1 (KB926601)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio 2008 Team Explorer - ENU
Microsoft Visual Studio 2008 Team Explorer - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Shell (Integrated) - ENU
Microsoft Visual Studio 2010 Team Explorer - ENU
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Team Explorer 2010 - ENU
Microsoft Visual Studio Team System 2008 Team Suite - ENU
Microsoft Visual Studio Team System 2008 Team Suite - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft WSE 3.0
Microsoft WSE 3.0 Runtime
Mimo
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
Mozilla Firefox (3.6.9)
MSDN Library for Visual Studio 2005
MSDN Library for Visual Studio 2008 SP1
MSDN Library for Visual Studio 2008 SP1 - ENU
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
NEC Electronics USB 3.0 Host Controller Driver
NetBeans IDE 6.9.1
News Rover -- Usenet newsreader
Nmap 5.51
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ODAC Documentation for Visual Studio 2005
ODAC Documentation for Visual Studio 2010
OpenSSL 1.0.0d (32-bit)
Oxygen XML Editor 11.1
PDF Settings
PInvoke.net Visual Studio Add-In
Playlist Creator 3.6.2
PolyView 4.402
PuTTY version 0.60
QCExplorer
QLBCASL
Quality Center Client Side
Quality Center Microsoft Excel Addin
Quest Installer
Quest Software Toad Data Modeler
Quest Software Toad for Data Analysts 2.7
Quest Software Toad for SQL Server 4.6
Quest SQL Optimizer for Oracle
Quest SQL Optimizer for Oracle Common
QuickPar 0.9
QuickTime
RedGate Licensing 2010
RegAlyzer
RICOH Media Driver
RoboForm 7-2-9 (All Users)
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Safari
Sansa Updater
SDFormatter
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Expression Design 4 (KB2667730)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB2251481)
Security Update for Microsoft Visual Studio 2005 Team Suite - ENU (KB2251481)
Security Update for Microsoft Visual Studio 2005 Team Suite - ENU (KB2538218)
Security Update for Microsoft Visual Studio 2005 Team Suite - ENU (KB2548826)
Security Update for Microsoft Visual Studio 2005 Team Suite - ENU (KB937061)
Security Update for Microsoft Visual Studio 2005 Team Suite - ENU (KB971023)
Security Update for Microsoft Visual Studio 2005 Team Suite - ENU (KB973673)
Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Security Update for Microsoft Visual Studio Team Explorer 2010 - ENU (KB2645410)
Security Update for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB2251487)
Security Update for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB2669970)
Security Update for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB972222)
Security Update for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB973675)
Skype Click to Call
Skype™ 5.5
SnagIt 9
Sonic Activation Module
Spotlight on Oracle, Oracle RAC
Spybot - Search & Destroy
SQL Backup 6
SQL Compare 8
SQL Comparison SDK 8
SQL Data Compare 8
SQL Data Generator 1
SQL Dependency Tracker 2
SQL Doc 2
SQL Multi Script 1
SQL Object Level Recovery Native 1
SQL Packager 6
SQL Prompt 4
SQL Refactor 1
SQL Response 1
SQL Search 1
SQL Server 2008 R2 Analysis Services OLE DB Provider
SQL Server Data Mining Content Viewer Controls
SQL Server Service Broker External Activator
SQL Source Control 1
SSMS Tools Pack 1.9.4.0
Symlabs LDAP Browser R1.5.0
Synergy
System Requirements Lab
Toad for Oracle 10.6
UltraEdit 16.20
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232)
Update for Microsoft Visual Studio 2005 Team Explorer - ENU (KB932232)
Update for Microsoft Visual Studio 2005 Team Explorer - ENU (KB979258)
Update for Microsoft Visual Studio 2005 Team Suite - ENU (KB932232)
Update for Microsoft Visual Studio 2005 Team Suite - ENU (KB979258)
Update for Microsoft Visual Studio 2008 Team Explorer - ENU (KB974558)
Update for Microsoft Visual Studio Team System 2008 Team Suite - ENU (KB974558)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
Verdiem Surveyor Client
VirtualCloneDrive
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
Visual C++ 2008 x86 Runtime - KB2465361 - (v9.0.30729.5570)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - v9.0.30729.4148
Visual C++ 2008 x86 Runtime - v9.0.30729.5570
Visual C++ 2008 x86 Runtime - v9.0.30729.6161
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
WCF RIA Services V1.0 SP1
WebEx
WebSlingPlayer ActiveX
Windows Identity Foundation SDK 4.0
Windows Installer XML Toolset 3.5
Windows Media Encoder 9 Series
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows PowerShell Extensions for SQL Server 2008 R2
WinPcap 4.1.2
WinZip 15.0
WPF Toolkit February 2010 (Version 3.5.50211.1)
.
==== Event Viewer Messages From Past Week ========
.
3/27/2012 9:45:08 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/27/2012 9:38:15 AM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.
3/27/2012 9:36:57 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
3/27/2012 9:36:57 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
3/27/2012 12:09:13 PM, Error: Service Control Manager [7034] - The BMFMySQL service terminated unexpectedly. It has done this 1 time(s).
3/27/2012 12:03:03 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/27/2012 12:01:25 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/27/2012 11:58:14 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
3/27/2012 11:57:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
3/27/2012 11:57:14 AM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/27/2012 11:56:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
3/27/2012 11:54:59 AM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
3/27/2012 11:54:53 AM, Error: Service Control Manager [7022] - The Rule Engine Update Service service hung on starting.
3/27/2012 11:52:48 AM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The operation completed successfully.
3/27/2012 11:52:48 AM, Error: Service Control Manager [7000] - The Net.Msmq Listener Adapter service failed to start due to the following error: A device attached to the system is not functioning.
3/27/2012 11:52:44 AM, Error: Service Control Manager [7000] - The FMAudit Agent service failed to start due to the following error: A device attached to the system is not functioning.
3/27/2012 11:52:36 AM, Error: Service Control Manager [7024] - The Synergy Server service terminated with service-specific error The system cannot open the file..
3/27/2012 11:52:12 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/27/2012 11:50:27 AM, Error: volmgr [45] - The system could not sucessfully load the crash dump driver.
3/27/2012 11:41:22 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/27/2012 11:03:07 AM, Error: Service Control Manager [7023] - The NS$BAMAlerts service terminated with the following error: An internal error occurred.
3/27/2012 10:52:50 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/26/2012 9:04:16 AM, Error: Service Control Manager [7034] - The SPService service terminated unexpectedly. It has done this 1 time(s).
3/26/2012 8:59:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/26/2012 6:43:07 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain THCG due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
3/25/2012 7:22:13 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
3/25/2012 5:29:48 PM, Error: Service Control Manager [7022] - The Windows Remote Management (WS-Management) service hung on starting.
3/25/2012 5:27:42 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/25/2012 5:24:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Rule Engine Update Service service to connect.
3/25/2012 5:24:19 PM, Error: Service Control Manager [7000] - The Rule Engine Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/25/2012 5:23:09 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
3/25/2012 5:22:03 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
3/24/2012 8:22:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/23/2012 6:36:11 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 9:00:16 AM, Error: Service Control Manager [7022] - The Enterprise Single Sign-On Service service hung on starting.
3/22/2012 9:00:16 AM, Error: Service Control Manager [7001] - The BizTalk Service BizTalk Group : BizTalkServerApplication service depends on the Enterprise Single Sign-On Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/22/2012 8:55:18 AM, Error: Service Control Manager [7000] - The NS$BAMAlerts service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 8:55:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NS$BAMAlerts service to connect.
3/22/2012 8:34:59 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
3/22/2012 8:34:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/22/2012 8:34:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/22/2012 8:23:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/22/2012 8:23:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/22/2012 8:22:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/22/2012 8:22:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/22/2012 8:22:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/22/2012 8:17:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ElbyCDIO FireTDI mfehidk mfetdik NetBIOS NetBT nsiproxy Psched rdbss RsvLock SbFlop SbRegFlt spldr tdx vflt vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl
3/22/2012 8:17:56 PM, Error: Service Control Manager [7001] - The BizTalk Service BizTalk Group : BizTalkServerApplication service depends on the Enterprise Single Sign-On Service service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2012 8:17:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:53 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:53 PM, Error: Service Control Manager [7001] - The Net.Msmq Listener Adapter service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:53 PM, Error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:53 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2012 8:17:52 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:52 PM, Error: Service Control Manager [7001] - The FMAudit Agent service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:52 PM, Error: Service Control Manager [7001] - The Enterprise Single Sign-On Service service depends on the COM+ System Application service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2012 8:17:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2012 8:17:51 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 8:17:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2012 8:17:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2012 5:52:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/22/2012 5:27:26 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 5:26:35 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
3/22/2012 5:26:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO mfehidk RsvLock SbFlop SbRegFlt spldr vpcvmm Wanarpv6
3/22/2012 5:26:17 PM, Error: Service Control Manager [7001] - The FMAudit Agent service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 11:55:06 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
3/22/2012 11:54:36 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/22/2012 11:54:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/22/2012 11:54:36 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 11:54:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/22/2012 11:54:27 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
3/22/2012 11:50:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FMAudit Agent service to connect.
3/22/2012 11:50:48 AM, Error: Service Control Manager [7000] - The FMAudit Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 10:52:04 AM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The system cannot find the file specified.
3/22/2012 10:11:53 AM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 10:11:53 AM, Error: Service Control Manager [7000] - The Net.Pipe Listener Adapter service failed to start due to the following error: A device attached to the system is not functioning.
3/22/2012 10:11:25 AM, Error: Service Control Manager [7001] - The Enterprise Single Sign-On Service service depends on the SQL Server (R2) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 10:10:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the OracleMTSRecoveryService service to connect.
3/22/2012 10:10:46 AM, Error: Service Control Manager [7000] - The OracleMTSRecoveryService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 10:10:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
3/22/2012 10:10:05 AM, Error: Service Control Manager [7001] - The NS$BAMAlerts service depends on the SQL Server (R2) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 10:10:05 AM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 10:09:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (R2) service to connect.
3/22/2012 10:09:29 AM, Error: Service Control Manager [7000] - The SQL Server (R2) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/22/2012 10:04:18 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain THCG due to the following: The RPC server is unavailable. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
3/22/2012 10:00:50 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={BC57DD99-7405-4637-A80F-7B05A29AD9E5}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The requested name is valid, but no data of the requested type was found.
3/22/2012 10:00:40 AM, Error: Microsoft-Windows-RasSstp [1] - CoId={454144EE-65F2-4E09-9079-43B3CA329870}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The requested name is valid, but no data of the requested type was found.
3/21/2012 4:38:48 PM, Error: Service Control Manager [7034] - The Synergy Server service terminated unexpectedly. It has done this 1 time(s).
3/21/2012 3:41:07 PM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
.
==== End Of File ===========================

ComboFix 12-03-27.02 - gary.jutras 03/27/2012 11:22:05.6.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.7090.3718 [GMT -4:00]
Running from: c:\users\gary.jutras\Desktop\ComboFix.exe
Command switches used :: c:\users\gary.jutras\Desktop\CFScript.txt
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
FILE ::
"c:\windows\system32\ca-messagequeuing.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 15:52 . 2012-03-27 15:52 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-27 15:51 . 2012-03-27 15:51 200704 ----a-w- c:\windows\SafeBoot.scr
2012-03-27 15:40 . 2012-03-27 15:40 -------- d-----w- c:\users\GARY~2~JUT\AppData\Local\temp
2012-03-27 15:40 . 2012-03-27 15:40 -------- d-----w- c:\users\Gary.Jutra\AppData\Local\temp
2012-03-27 15:40 . 2012-03-27 15:40 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-03-27 15:40 . 2012-03-27 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 15:40 . 2012-03-27 15:40 -------- d-----w- c:\users\classicasp\AppData\Local\temp
2012-03-27 15:40 . 2012-03-27 15:40 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-03-27 15:40 . 2012-03-27 15:40 -------- d-----w- c:\users\ASP.NET v4.0\AppData\Local\temp
2012-03-27 15:40 . 2012-03-27 15:40 -------- d-----w- c:\users\ASP.NET v4.0 Classic\AppData\Local\temp
2012-03-27 15:40 . 2012-03-27 15:40 -------- d-----w- c:\users\ASP.NET V2.0\AppData\Local\temp
2012-03-27 15:40 . 2012-03-27 15:40 -------- d-----w- c:\users\app.gary.jutras\AppData\Local\temp
2012-03-27 14:23 . 2012-03-27 14:05 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-27 14:06 . 2012-03-27 14:06 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-27 14:02 . 2012-03-27 14:02 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-27 14:02 . 2012-03-27 14:02 -------- d-----w- c:\programdata\Lavasoft
2012-03-27 13:37 . 2010-06-15 15:57 47080 ----a-w- c:\windows\system32\HIPIS0e011b5.dll
2012-03-27 13:37 . 2010-06-15 15:57 40328 ----a-w- c:\windows\SysWow64\HIPIS0e011b5.dll
2012-03-26 20:58 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-26 20:58 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-26 20:58 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-26 20:58 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-26 20:58 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-26 20:58 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-26 20:47 . 2012-03-26 20:47 -------- d-----w- c:\users\Default\AppData\Roaming\JetBrains
2012-03-26 20:47 . 2012-03-26 20:47 -------- d-----w- c:\users\Default\AppData\Local\JetBrains
2012-03-26 20:35 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-26 20:35 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-26 20:35 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-26 20:35 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-25 22:48 . 2012-03-25 22:48 -------- d-----w- c:\program files (x86)\ESET
2012-03-21 19:51 . 2012-03-21 19:51 -------- d-----w- c:\users\gary.jutras\AppData\Roaming\Safer Networking
2012-03-21 19:51 . 2012-03-21 19:51 -------- d-----w- c:\program files (x86)\Safer Networking
2012-03-21 19:41 . 2012-03-27 14:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-21 19:41 . 2012-03-21 19:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-21 14:57 . 2012-03-21 14:57 -------- d-----w- c:\users\gary.jutras\AppData\Roaming\Malwarebytes
2012-03-21 14:57 . 2012-03-21 14:57 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 14:57 . 2012-03-21 14:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-21 14:57 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 14:47 . 2012-03-21 14:47 -------- d-----w- c:\program files (x86)\947E3
2012-03-21 14:47 . 2012-03-21 14:47 -------- d-----w- c:\users\gary.jutras\AppData\Roaming\72A94
2012-03-20 12:55 . 2009-09-18 08:00 930160 ----a-w- c:\windows\system32\ccmcore.dll
2012-03-20 12:55 . 2009-09-18 08:00 26464 ----a-w- c:\windows\system32\xprslib.dll
2012-03-20 12:54 . 2012-03-20 12:54 -------- d-----w- c:\windows\ms
2012-03-09 14:22 . 2012-03-22 18:44 -------- d-----w- c:\users\gary.jutras\AppData\Local\PasswordSafe
2012-03-08 16:11 . 2012-03-08 16:11 -------- d-----w- c:\program files\iPod
2012-03-08 16:11 . 2012-03-08 16:12 -------- d-----w- c:\program files\iTunes
2012-03-08 16:11 . 2012-03-08 16:12 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 15:51 . 2010-06-21 16:20 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-03-26 20:46 . 2010-06-21 20:27 2543584 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-08 03:49 . 2010-06-17 15:02 143008 ----a-w- c:\windows\SysWow64\KevlarSigs.dll
2012-02-17 20:09 . 2011-05-23 15:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-26 20:35 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-01-26 17:14 . 2012-02-06 21:08 729677 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Italian.scr
2012-01-26 17:14 . 2012-02-06 21:08 729677 ----a-w- c:\windows\system32\CovCorpScreensaver-Italian.scr
2012-01-26 17:14 . 2012-02-06 21:08 731738 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Turkish.scr
2012-01-26 17:14 . 2012-02-06 21:08 731738 ----a-w- c:\windows\system32\CovCorpScreensaver-Turkish.scr
2012-01-26 17:13 . 2012-02-06 21:08 763578 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Thai.scr
2012-01-26 17:13 . 2012-02-06 21:08 763578 ----a-w- c:\windows\system32\CovCorpScreensaver-Thai.scr
2012-01-17 13:04 . 2012-02-06 21:08 760073 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Korean.scr
2012-01-17 13:04 . 2012-02-06 21:08 760073 ----a-w- c:\windows\system32\CovCorpScreensaver-Korean.scr
2012-01-17 13:02 . 2012-02-06 21:08 765726 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Japanese.scr
2012-01-17 13:02 . 2012-02-06 21:08 765726 ----a-w- c:\windows\system32\CovCorpScreensaver-Japanese.scr
2012-01-13 20:33 . 2012-02-06 21:08 767208 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-ChineseTraditional.scr
2012-01-13 20:33 . 2012-02-06 21:08 767208 ----a-w- c:\windows\system32\CovCorpScreensaver-ChineseTraditional.scr
2012-01-12 18:57 . 2012-02-06 21:08 730945 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-SpanishLATAM.scr
2012-01-12 18:57 . 2012-02-06 21:08 730945 ----a-w- c:\windows\system32\CovCorpScreensaver-SpanishLATAM.scr
2012-01-12 18:55 . 2012-02-06 21:08 730434 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-SpanishEurope.scr
2012-01-12 18:55 . 2012-02-06 21:08 730434 ----a-w- c:\windows\system32\CovCorpScreensaver-SpanishEurope.scr
2012-01-12 18:55 . 2012-02-06 21:08 762740 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-ChineseSimplified.scr
2012-01-12 18:55 . 2012-02-06 21:08 762740 ----a-w- c:\windows\system32\CovCorpScreensaver-ChineseSimplified.scr
2012-01-12 18:54 . 2012-02-06 21:08 733165 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Russian.scr
2012-01-12 18:54 . 2012-02-06 21:08 733165 ----a-w- c:\windows\system32\CovCorpScreensaver-Russian.scr
2012-01-12 18:54 . 2012-02-06 21:08 730967 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-PortugueseEurope.scr
2012-01-12 18:54 . 2012-02-06 21:08 730967 ----a-w- c:\windows\system32\CovCorpScreensaver-PortugueseEurope.scr
2012-01-12 18:53 . 2012-02-06 21:08 730909 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-PortugueseBrazil.scr
2012-01-12 18:53 . 2012-02-06 21:08 730909 ----a-w- c:\windows\system32\CovCorpScreensaver-PortugueseBrazil.scr
2012-01-12 18:52 . 2012-02-06 21:08 731597 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Polish.scr
2012-01-12 18:52 . 2012-02-06 21:08 731597 ----a-w- c:\windows\system32\CovCorpScreensaver-Polish.scr
2012-01-12 18:52 . 2012-02-06 21:08 731045 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Malay.scr
2012-01-12 18:52 . 2012-02-06 21:08 731045 ----a-w- c:\windows\system32\CovCorpScreensaver-Malay.scr
2012-01-12 18:51 . 2012-02-06 21:08 731154 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Hungarian.scr
2012-01-12 18:51 . 2012-02-06 21:08 731154 ----a-w- c:\windows\system32\CovCorpScreensaver-Hungarian.scr
2012-01-12 18:51 . 2012-02-06 21:08 732075 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-German.scr
2012-01-12 18:51 . 2012-02-06 21:08 732075 ----a-w- c:\windows\system32\CovCorpScreensaver-German.scr
2012-01-12 18:50 . 2012-02-06 21:08 732289 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Greek.scr
2012-01-12 18:50 . 2012-02-06 21:08 732289 ----a-w- c:\windows\system32\CovCorpScreensaver-Greek.scr
2012-01-12 18:50 . 2012-02-06 21:08 730338 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-FrenchEurope.scr
2012-01-12 18:50 . 2012-02-06 21:08 730338 ----a-w- c:\windows\system32\CovCorpScreensaver-FrenchEurope.scr
2012-01-12 18:48 . 2012-02-06 21:08 730309 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-FrenchCanadian.scr
2012-01-12 18:48 . 2012-02-06 21:08 730309 ----a-w- c:\windows\system32\CovCorpScreensaver-FrenchCanadian.scr
2012-01-12 18:47 . 2012-02-06 21:08 730318 ----a-w- c:\windows\SysWow64\CovCorpScreensaver-Dutch.scr
2012-01-12 18:47 . 2012-02-06 21:08 730318 ----a-w- c:\windows\system32\CovCorpScreensaver-Dutch.scr
2012-01-12 18:44 . 2012-02-06 21:08 731140 ----a-w- c:\windows\SysWow64\CovCorpScreenSaver-Danish.scr
2012-01-12 18:44 . 2012-02-06 21:08 731140 ----a-w- c:\windows\system32\CovCorpScreenSaver-Danish.scr
2012-01-04 10:44 . 2012-02-21 17:09 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-21 17:09 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-21 17:09 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-21 17:09 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_15.03.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-03-27 15:57 68994 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-16 21:41 . 2012-03-27 15:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-16 21:41 . 2012-03-27 13:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-16 21:41 . 2012-03-27 13:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-16 21:41 . 2012-03-27 15:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-27 13:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-27 15:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-27 15:16 91032 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-03-27 15:02 . 2012-03-27 15:02 2033 c:\windows\system32\api_hook_list.dat
+ 2012-03-27 15:51 . 2012-03-27 15:51 2033 c:\windows\system32\api_hook_list.dat
+ 2012-03-27 13:36 . 2012-03-27 15:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 13:36 . 2012-03-27 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 13:36 . 2012-03-27 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-27 13:36 . 2012-03-27 15:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-03-27 15:02 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-27 15:50 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-27 15:02 . 2012-03-27 15:02 127577 c:\windows\SysWOW64\api_hook_list.dat
+ 2012-03-27 15:51 . 2012-03-27 15:51 127577 c:\windows\SysWOW64\api_hook_list.dat
- 2009-07-14 02:36 . 2012-03-27 13:50 274248 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-27 15:10 274248 c:\windows\system32\perfc009.dat
- 2009-07-14 04:54 . 2012-03-27 15:02 1900544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-27 15:50 1900544 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-27 15:02 1327104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-27 15:50 1327104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2012-03-27 13:50 1075618 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-27 15:10 1075618 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\gary.jutras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\gary.jutras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\gary.jutras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\gary.jutras\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Volumouse32"="c:\program files (x86)\NirSoft\VoluMouse\volumouse.exe" [2010-06-29 33280]
"Volumouse"="c:\program files\NirSoft\VoluMouse\volumouse.exe" [2010-06-21 82944]
"FeedDemon"="c:\program files (x86)\FeedDemon\FeedDemon.exe" [2010-12-16 7503360]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SansaDispatch"="c:\users\gary.jutras\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-01-20 79872]
"Ditto"="c:\program files (x86)\Ditto\Ditto.exe" [2010-12-23 831488]
"Push Client"="c:\users\gary.jutras\AppData\Local\ATT Connect\Participant\pull.exe" [2011-04-27 966944]
"ApacheTomcatMonitor5.5_Tomcat5"="c:\program files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5w.exe" [2011-09-18 102400]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-05-10 107000]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"MusicManager"="c:\users\gary.jutras\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-02-21 13320704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SafeBootTrayManager"="c:\program files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" [2008-11-04 69632]
"SafeBootTokenWatcher"="c:\program files (x86)\SafeBoot\SbTokWatch.exe" [2008-12-09 172092]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"McAfee Host Intrusion Prevention Tray"="c:\program files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SurveyorSession"="c:\program files (x86)\Verdiem\SurveyorSD\bin\SurveyorSession.exe" [2009-11-02 206152]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Client Access Service"="c:\program files (x86)\IBM\Client Access\cwbsvstr.exe" [2009-12-08 14848]
"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2011-07-26 5735680]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\gary.jutras\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2006-7-27 41041]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
client.lnk - c:\program files\avs\bin\avscc.exe [2012-2-9 15810104]
SQL Prompt Query Analyzer Integration.lnk - c:\program files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe [2010-6-30 81920]
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-6-22 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuEjectPC"= 0 (0x0)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuEjectPC"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-661013750-2036339787-1844936127-200531\Scripts\Logon\0\0]
"Script"=ie_zone_change.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-661013750-2036339787-1844936127-445920\Scripts\Logon\0\0]
"Script"=ie_zone_change.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FMAuditAgent;FMAudit Agent;c:\program files\FMAudit, LLC\FMAudit Agent\fmaagent.exe [2009-11-02 294912]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 ANTS Memory Profiler 5 Service;ANTS Memory Profiler 5 Service;c:\program files\Red Gate\ANTS Memory Profiler 5\RedGate.Memory.IISService.exe [2010-07-15 8704]
R3 ANTS Performance Profiler 5 Service;ANTS Performance Profiler 5 Service;c:\program files\Red Gate\ANTS Performance Profiler 5\RedGate.Profiler.IISService.exe [2000-01-01 9728]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-02 15768]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MsDtsServer;SQL Server Integration Services;c:\program files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2011-03-25 202592]
R3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-06-18 210784]
R3 MSOLAP$R2;SQL Server Analysis Services (R2);c:\program files\Microsoft SQL Server\MSAS10_50.R2\OLAP\bin\msmdsrv.exe [2011-06-18 54791520]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ReportServer$R2;SQL Server Reporting Services (R2);c:\program files\Microsoft SQL Server\MSRS10_50.R2\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-06-18 2180960]
R3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-03-25 13664]
R3 SQLAgent$R2;SQL Server Agent (R2);c:\program files\Microsoft SQL Server\MSSQL10_50.R2\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
R3 SSBExternalActivator;Service Broker External Activator;c:\program files (x86)\Service Broker\External Activator\Bin\ssbeas.exe [2010-04-03 141152]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 Tomcat5;Apache Tomcat 5.5 Tomcat5;c:\program files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5.exe [2011-09-18 74752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys [2007-09-04 71024]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-09-23 4476096]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SBAlg;SBAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S1 SbFlop;SbFlop; [x]
S1 SbRegFlt;SbRegFlt; [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 avbackup;Backup Agent;c:\program files\avs\bin\avagent.exe [2012-02-09 8008248]
S2 BMFMySQL;BMFMySQL;c:\programdata\Quest Software\BMF\Repository\MySQL\bin\mysqld-max-nt.exe [2005-10-23 4431872]
S2 BTSSvc$BizTalkServerApplication;BizTalk Service BizTalk Group : BizTalkServerApplication;c:\program files (x86)\Microsoft BizTalk Server 2010\BTSNTSvc.exe [2010-07-31 47952]
S2 DB2MGMTSVC_TACOM27;DB2 Management Service (TACOM27);c:\program files (x86)\Quest Software\Toad for Data Analysts 2.7\SQLLIB\BIN\db2mgmtsvc.exe [2010-05-15 37736]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-08-17 56592]
S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-06-15 1498224]
S2 ENTSSO;Enterprise Single Sign-On Service;c:\program files\Common Files\Enterprise Single Sign-On\ENTSSO.exe [2010-07-31 93520]
S2 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-06-15 39840]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-16 36864]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-08-17 957712]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-08-17 697616]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-27 2152152]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-08-26 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 MSSQL$R2;SQL Server (R2);c:\program files\Microsoft SQL Server\MSSQL10_50.R2\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072]
S2 NS$BAMAlerts;NS$BAMAlerts;c:\program files (x86)\Microsoft SQL Server\90\NotificationServices\9.0.242\bin\NSService.exe BAMAlerts [x]
S2 RuleEngineUpdateService;Rule Engine Update Service;c:\program files (x86)\Common Files\Microsoft BizTalk\RuleEngineUpdateService.exe [2010-07-31 34672]
S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files (x86)\SafeBoot\SbClientManager.exe [2008-12-09 380988]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-17 378984]
S2 SurveyorSD;Verdiem Surveyor Client;c:\program files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSD.exe [2009-11-02 2225480]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [x]
S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [x]
S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-03-27 17152]
S3 MSSQLFDLauncher$R2;SQL Full-text Filter Daemon Launcher (R2);c:\program files\Microsoft SQL Server\MSSQL10_50.R2\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\At1.job
- c:\program files\Microsoft OLE DB Provider for DB2\system\HISADConf.exe [2010-03-29 18:50]
.
2012-03-26 c:\windows\Tasks\At4.job
- c:\program files\Microsoft OLE DB Provider for DB2\system\HISADConf.exe [2010-03-29 18:50]
.
2012-03-16 c:\windows\Tasks\At5.job
- c:\program files\Common Files\Enterprise Single Sign-On\ssoconfig.exe [2010-07-31 17:10]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661013750-2036339787-1844936127-200531Core.job
- c:\users\gary.jutras\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 18:52]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661013750-2036339787-1844936127-200531UA.job
- c:\users\gary.jutras\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 18:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\gary.jutras\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\gary.jutras\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\gary.jutras\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\gary.jutras\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayAdd]
@="{D4DD7FC6-066F-442a-A200-DD21649CF378}"
[HKEY_CLASSES_ROOT\CLSID\{D4DD7FC6-066F-442a-A200-DD21649CF378}]
2008-11-06 15:20 289792 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayControlled]
@="{EFF5DF4C-7662-4ed7-B533-837D3319D311}"
[HKEY_CLASSES_ROOT\CLSID\{EFF5DF4C-7662-4ed7-B533-837D3319D311}]
2008-11-06 15:20 289792 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayEdit]
@="{FF529703-3398-4c98-B88D-13F784CB10A2}"
[HKEY_CLASSES_ROOT\CLSID\{FF529703-3398-4c98-B88D-13F784CB10A2}]
2008-11-06 15:20 289792 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayLock]
@="{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}"
[HKEY_CLASSES_ROOT\CLSID\{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}]
2008-11-06 15:20 289792 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayRename]
@="{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}"
[HKEY_CLASSES_ROOT\CLSID\{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}]
2008-11-06 15:20 289792 ----a-w- c:\program files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-08 489472]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1875048]
"Wireless Driver Update"="c:\windows\Tools\Wireless\UpdateWireless_Local.vbs" [2008-01-14 11263]
"combofix"="c:\combofix\CF24362.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pcradminserver
Memctl
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://Pulse
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: mswsock.dll
Trusted Zone: compliancewire.com
Trusted Zone: covidien.com
Trusted Zone: kaplanwire.com
Trusted Zone: knowledgewire.com
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\www
Trusted Zone: tamans-it08v
Trusted Zone: TAMANS-SM02
Trusted Zone: thcg.net\TAMANS-SM02
Trusted Zone: na-applications
TCP: DhcpNameServer = 10.0.202.107 10.0.202.108 10.0.202.109
TCP: Interfaces\{2130A9D8-234E-4ECC-947F-7C161C30F219}: NameServer = 10.0.202.108,10.0.202.107
DPF: Web-Based Email Tools - hxxp://email05.secureserver.net/Download.CAB
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://tamans-it08v:8080/qcbin/Spider91.cab
FF - ProfilePath - c:\users\gary.jutras\AppData\Roaming\Mozilla\Firefox\Profiles\92ip19u4.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61636
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files (x86)\Fiddler2\FiddlerHook
FF - Ext: Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files (x86)\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BizTalk .NET Adapter for SQL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BizTalk:Message Box:General Counters]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BizTalk:Message Box:Host Counters]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BizTalk:TDDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BizTalk:Windows SharePoint Services Adapter]
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
--
"ImagePath"="c:\program files (x86)\Microsoft SQL Server\90\NotificationServices\9.0.242\bin\NSService.exe \"BAMAlerts\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS$BAMAlerts: Delivery Channels]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS$BAMAlerts: Distributors]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS$BAMAlerts: Event Providers]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS$BAMAlerts: Events]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS$BAMAlerts: Generator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS$BAMAlerts: Notifications]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS$BAMAlerts: Subscribers]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS$BAMAlerts: Subscriptions]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS$BAMAlerts: Vacuumer]
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSBExternalActivator]
"ImagePath"="\"c:\program files (x86)\Service Broker\External Activator\Bin\ssbeas.exe\" /service:SSBExternalActivator"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,c7,b3,54,82,82,8d,41,81,b3,7f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,c7,b3,54,82,82,8d,41,81,b3,7f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\oracle\product\11.2.0\client_1\bin\omtsreco.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Microsoft SQL Server\90\NotificationServices\9.0.242\bin\NSService.exe
c:\windows\SysWOW64\CCM\CcmExec.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files (x86)\McAfee\Common Framework\McTray.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2012-03-27 12:07:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 16:07
ComboFix2.txt 2012-03-27 15:18
ComboFix3.txt 2012-03-23 00:32
.
Pre-Run: 100,427,939,840 bytes free
Post-Run: 100,115,263,488 bytes free
.
- - End Of File - - C4F0617579D83B738FF89B77D8E89471


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:12 PM

Posted 30 March 2012 - 12:00 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gjutras

gjutras
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:05:12 PM

Posted 30 March 2012 - 11:28 AM

Hi Gringo, thanks.

I unfortunately can't run from recovery mode. I ran from safe mode. My hard drive is whole-drive encrypted with McAfee SafeBoot.

Just as an extra FYI, here's what the popup URLs are looking like:

http://10.80.2.52:15871/_ylt=3648C868A1DB;MTAuODAuMi41MjoxNTg3MS9lbi9DdXN0b20vbWFzdGVyRy5odG1sIiB0YXJnZXQ9IndzX2Jsb2Nrb3B0aW9uIj5EZXV0c2NoPC9hPjwvbGk+Cgk8c3BhbiBjbGFzcz0ibWVudVNlcGVyYXRvciI+-

I also just went to do an nslookup of that IP and it looks like wsock32.dll or nslookup.exe is messed up. I get an error when running nslookup that says the ordinal 1108 could not be located in the dynamic link library WSOCK32.dll. Strangely enough, I have different nslookups in system32 and syswow64, and both show the same error when I run them specifically.

Below is the frst log from safe mode (as much as I could get).

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by gary.jutras at 30-03-2012 10:25:06
Running from K:\packages\Ad-Aware
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKU\app.gary.jutras\...\Run: [Volumouse32] "C:\Program Files (x86)\NirSoft\VoluMouse\volumouse.exe" /nodlg [33280 2010-06-29] (NirSoft)
HKU\app.gary.jutras\...\Run: [Volumouse] "C:\Program Files\NirSoft\VoluMouse\volumouse.exe" /nodlg [82944 2010-06-21] (NirSoft)
HKU\app.gary.jutras\...\Run: [FeedDemon] "C:\Program Files (x86)\FeedDemon\FeedDemon.exe" /startminimized [7503360 2010-12-16] (NewsGator Technologies, Inc.)
HKU\app.gary.jutras\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-22] (Microsoft Corporation)
HKU\app.gary.jutras\...\Run: [Google Update] "C:\Users\gary.jutras\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-01-14] (Google Inc.)
HKU\app.gary.jutras\...\Run: [SansaDispatch] C:\Users\app.gary.jutras\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [x]
HKU\app.gary.jutras\...\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe [831488 2010-12-23] ()
HKU\app.gary.jutras\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [107000 2011-05-10] (Siber Systems)
HKU\app.gary.jutras\...\Run: [svchost.exe] C:\Windows\svchost.exe [x]
HKU\app.gary.jutras\...\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Users\GARY~2.JUT\AppData\Local\Temp\E_SB10A.tmp" /EF "HKCU" [x]
HKU\app.gary.jutras\...\Run: [Push Client] "C:\Users\gary.jutras\AppData\Local\ATT Connect\Participant\pull.exe" [966944 2011-04-27] (AT&T Inc.)
HKU\app.gary.jutras\...\Policies\system: [NoDispScrSavPage] 1
HKU\ASP.NET V2.0\...\Policies\system: [NoDispScrSavPage] 0
HKU\ASP.NET v4.0\...\Policies\system: [NoDispScrSavPage] 0
HKU\classicasp\...\Policies\system: [NoDispScrSavPage] 0
HKU\DefaultAppPool\...\Policies\system: [NoDispScrSavPage] 0
HKU\Gary.Jutra\...\Run: [Volumouse32] "C:\Program Files (x86)\NirSoft\VoluMouse\volumouse.exe" /nodlg [33280 2010-06-29] (NirSoft)
HKU\Gary.Jutra\...\Run: [Volumouse] "C:\Program Files\NirSoft\VoluMouse\volumouse.exe" /nodlg [82944 2010-06-21] (NirSoft)
HKU\Gary.Jutra\...\Run: [FeedDemon] "C:\Program Files (x86)\FeedDemon\FeedDemon.exe" /startminimized [7503360 2010-12-16] (NewsGator Technologies, Inc.)
HKU\Gary.Jutra\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-22] (Microsoft Corporation)
HKU\Gary.Jutra\...\Run: [Google Update] "C:\Users\gary.jutras\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-01-14] (Google Inc.)
HKU\Gary.Jutra\...\Run: [SansaDispatch] C:\Users\Gary.Jutra\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [x]
HKU\Gary.Jutra\...\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe [831488 2010-12-23] ()
HKU\Gary.Jutra\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [107000 2011-05-10] (Siber Systems)
HKU\Gary.Jutra\...\Run: [Push Client] "C:\Users\gary.jutras\AppData\Local\ATT Connect\Participant\pull.exe" [966944 2011-04-27] (AT&T Inc.)
HKU\Gary.Jutra\...\Policies\system: [NoDispScrSavPage] 0
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x ] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-30 10:25 - 2012-03-30 10:25 - 0000000 ____D C:\FRST
2012-03-30 10:21 - 2012-03-30 10:21 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-03-30 10:20 - 2012-03-30 10:23 - 4809242 ____A C:\Windows\ntbtlog.txt
2012-03-29 11:12 - 2012-03-29 11:13 - 0000000 ____D C:\Program Files\iTunes
2012-03-29 11:12 - 2012-03-29 11:13 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-29 11:12 - 2012-03-29 11:12 - 0000000 ____D C:\Program Files\iPod
2012-03-27 12:32 - 2012-03-27 12:32 - 0044808 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_12.32.24_log.txt
2012-03-27 12:09 - 2012-03-27 12:09 - 0000000 ___SD C:\32788R22FWJFW
2012-03-27 12:07 - 2012-03-27 12:07 - 0049490 ____A C:\ComboFix.txt
2012-03-27 11:53 - 2012-03-27 11:53 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-27 11:52 - 2012-03-30 10:21 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-27 11:51 - 2012-03-27 11:51 - 0200704 ____A (McAfee, Inc.) C:\Windows\SafeBoot.scr
2012-03-27 11:01 - 2012-03-27 11:50 - 0000112 ____A C:\Windows\setupact.log
2012-03-27 11:01 - 2012-03-27 11:01 - 0000000 ____A C:\Windows\setuperr.log
2012-03-27 11:00 - 2012-03-30 10:20 - 0002318 ____A C:\Windows\PFRO.log
2012-03-27 11:00 - 2012-03-30 10:20 - 0000668 ____A C:\aaw7boot.log
2012-03-27 11:00 - 2012-03-27 11:01 - 2354064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-27 10:23 - 2012-03-27 10:05 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2012-03-27 10:20 - 2012-03-27 10:20 - 0113440 ____A C:\Users\gary.jutras\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-27 10:06 - 2012-03-27 10:06 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-03-27 10:03 - 2012-03-30 10:05 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-03-27 10:03 - 2012-03-30 10:05 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\ProgramData\Lavasoft
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2012-03-26 16:58 - 2012-02-10 02:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-26 16:58 - 2012-02-10 01:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-26 16:58 - 2012-02-03 00:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-26 16:58 - 2012-01-25 02:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-26 16:58 - 2012-01-25 02:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-26 16:58 - 2012-01-25 02:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default\AppData\Roaming\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default\AppData\Local\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default User\AppData\Roaming\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default User\AppData\Local\JetBrains
2012-03-26 16:35 - 2012-02-17 02:38 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-03-26 16:35 - 2012-02-17 02:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-26 16:35 - 2012-02-17 01:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-26 16:35 - 2012-02-17 00:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-26 16:35 - 2012-02-17 00:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-25 18:48 - 2012-03-25 18:48 - 0000000 ____D C:\Program Files (x86)\ESET
2012-03-22 17:39 - 2012-03-22 17:39 - 0044634 ____A C:\TDSSKiller.2.7.22.0_22.03.2012_17.39.23_log.txt
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-22 09:39 - 2012-03-27 12:09 - 0000000 ____D C:\Windows\ERDNT
2012-03-21 16:34 - 2012-03-21 16:34 - 0046028 ____A C:\TDSSKiller.2.7.22.0_21.03.2012_16.34.19_log.txt
2012-03-21 15:51 - 2012-03-21 15:51 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Safer Networking
2012-03-21 15:51 - 2012-03-21 15:51 - 0000000 ____D C:\Program Files (x86)\Safer Networking
2012-03-21 15:41 - 2012-03-27 10:14 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-21 15:41 - 2012-03-27 10:14 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-21 15:41 - 2012-03-21 15:42 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-21 10:57 - 2011-12-10 15:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-21 10:49 - 2012-03-21 10:50 - 0001026 ____A C:\rkill.log
2012-03-21 10:47 - 2012-03-21 10:47 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\72A94
2012-03-21 10:47 - 2012-03-21 10:47 - 0000000 ____D C:\Program Files (x86)\947E3
2012-03-20 08:55 - 2012-03-20 08:55 - 0004764 ____A C:\Windows\SysWOW64\CcmFramework.ini
2012-03-20 08:55 - 2012-03-20 08:55 - 0000621 ____A C:\Windows\SysWOW64\CcmFramework.h
2012-03-20 08:55 - 2009-09-18 04:00 - 0930160 ____A (Microsoft Corporation) C:\Windows\System32\ccmcore.dll
2012-03-20 08:55 - 2009-09-18 04:00 - 0026464 ____A (Microsoft Corporation) C:\Windows\System32\xprslib.dll
2012-03-20 08:54 - 2012-03-20 08:54 - 0000000 ____D C:\Windows\ms
2012-03-09 10:22 - 2012-03-22 14:44 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\PasswordSafe
2012-03-09 10:22 - 2012-03-09 10:22 - 0000000 ____D C:\Users\gary.jutras\Documents\My Safes
2012-03-07 17:47 - 2012-03-12 12:26 - 0006448 ____A C:\Users\gary.jutras\Documents\SurgeonToXml.sql
2012-03-07 16:44 - 2012-03-07 16:44 - 0584405 ____A C:\Users\gary.jutras\Documents\ContactsCompaniesWithUSLatLong.xlsx
2012-03-07 16:13 - 2004-08-06 17:02 - 2497570 ____A C:\Users\gary.jutras\Documents\zipcode.csv
2012-03-07 16:10 - 2012-03-07 16:10 - 0146374 ____A C:\Users\gary.jutras\Documents\Companies.xlsx
2012-03-07 16:08 - 2012-03-07 16:08 - 0376471 ____A C:\Users\gary.jutras\Documents\Contacts.xlsx

============ 3 Months Modified Files and Folders =============

2012-03-30 10:25 - 2012-03-30 10:25 - 0000000 ____D C:\FRST
2012-03-30 10:23 - 2012-03-30 10:20 - 4809242 ____A C:\Windows\ntbtlog.txt
2012-03-30 10:21 - 2012-03-30 10:21 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-03-30 10:21 - 2012-03-27 11:52 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-30 10:20 - 2012-03-27 11:00 - 0002318 ____A C:\Windows\PFRO.log
2012-03-30 10:20 - 2012-03-27 11:00 - 0000668 ____A C:\aaw7boot.log
2012-03-30 10:20 - 2010-06-16 17:36 - 1280692224 __ASH C:\hiberfil.sys
2012-03-30 10:14 - 2011-04-05 21:17 - 0327680 ____A C:\Windows\System32\Ikeext.etl
2012-03-30 10:14 - 2010-06-16 17:57 - 1409319 ____A C:\Windows\WindowsUpdate.log
2012-03-30 10:14 - 2009-07-14 00:45 - 0017984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-30 10:14 - 2009-07-14 00:45 - 0017984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-30 10:14 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\System32\inetsrv
2012-03-30 10:12 - 2011-04-21 09:53 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Ditto
2012-03-30 10:05 - 2012-03-27 10:03 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-03-30 10:05 - 2012-03-27 10:03 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-03-30 10:05 - 2011-01-14 14:52 - 0000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661013750-2036339787-1844936127-200531UA.job
2012-03-30 09:05 - 2011-01-14 14:52 - 0000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661013750-2036339787-1844936127-200531Core.job
2012-03-30 08:44 - 2010-06-29 08:23 - 0002128 ___AH C:\Users\gary.jutras\Documents\Default.rdp
2012-03-30 08:43 - 2010-06-16 18:24 - 0000352 ____A C:\Windows\System32\config\netlogon.ftl
2012-03-30 08:43 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\tracing
2012-03-29 15:33 - 2010-06-18 10:12 - 0000000 ____D C:\sysinternals
2012-03-29 15:19 - 2010-06-17 15:44 - 0000000 ____D C:\Users\gary.jutras\Tracing
2012-03-29 15:14 - 2010-11-09 10:27 - 0000703 ____A C:\Windows\NewsRover.INI
2012-03-29 14:59 - 2010-12-03 16:33 - 0000000 ____D C:\NewsRoverData
2012-03-29 13:25 - 2010-06-21 13:23 - 0000000 ____D C:\Users\gary.jutras\Documents\SQL Server Management Studio
2012-03-29 11:15 - 2011-08-18 07:59 - 0000000 ____D C:\Program Files (x86)\Safari
2012-03-29 11:13 - 2012-03-29 11:12 - 0000000 ____D C:\Program Files\iTunes
2012-03-29 11:13 - 2012-03-29 11:12 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-29 11:12 - 2012-03-29 11:12 - 0000000 ____D C:\Program Files\iPod
2012-03-29 09:25 - 2010-10-19 10:10 - 0001256 ____A C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-03-28 09:36 - 2011-07-11 13:49 - 0000000 ____D C:\Users\gary.jutras\Documents\My Kindle Content
2012-03-28 09:32 - 2011-07-11 13:49 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\Amazon
2012-03-28 09:32 - 2011-07-11 13:49 - 0000000 ____D C:\Program Files (x86)\Amazon
2012-03-27 12:32 - 2012-03-27 12:32 - 0044808 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_12.32.24_log.txt
2012-03-27 12:09 - 2012-03-27 12:09 - 0000000 ___SD C:\32788R22FWJFW
2012-03-27 12:09 - 2012-03-22 09:39 - 0000000 ____D C:\Windows\ERDNT
2012-03-27 12:07 - 2012-03-27 12:07 - 0049490 ____A C:\ComboFix.txt
2012-03-27 12:01 - 2010-06-17 11:06 - 0000475 ____A C:\Windows\SMSCFG.ini
2012-03-27 12:00 - 2009-07-14 01:13 - 1367616 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-27 11:58 - 2010-06-21 14:58 - 0000000 ____D C:\Users\All Users\HPQLOG
2012-03-27 11:58 - 2010-06-21 14:58 - 0000000 ____D C:\ProgramData\HPQLOG
2012-03-27 11:54 - 2011-11-15 12:29 - 0000000 ___RD C:\Users\gary.jutras\Dropbox
2012-03-27 11:54 - 2011-11-15 12:26 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Dropbox
2012-03-27 11:53 - 2012-03-27 11:53 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-27 11:53 - 2009-07-13 22:34 - 0000215 ____A C:\Windows\system.ini
2012-03-27 11:52 - 2010-06-16 11:51 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-03-27 11:52 - 2010-06-16 11:51 - 0000000 ____D C:\ProgramData\NVIDIA
2012-03-27 11:51 - 2012-03-27 11:51 - 0200704 ____A (McAfee, Inc.) C:\Windows\SafeBoot.scr
2012-03-27 11:51 - 2010-06-16 11:53 - 0000000 ____D C:\Program Files (x86)\SafeBoot
2012-03-27 11:51 - 2009-07-14 01:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-27 11:51 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\registration
2012-03-27 11:50 - 2012-03-27 11:01 - 0000112 ____A C:\Windows\setupact.log
2012-03-27 11:47 - 2009-07-13 22:34 - 267956224 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-03-27 11:47 - 2009-07-13 22:34 - 24903680 ____A C:\Windows\System32\config\SYSTEM.bak
2012-03-27 11:41 - 2009-07-13 22:34 - 0069632 ____A C:\Windows\System32\config\SECURITY.bak
2012-03-27 11:11 - 2009-07-13 22:34 - 5140480 ____A C:\Windows\System32\config\DEFAULT.bak
2012-03-27 11:08 - 2009-07-13 22:34 - 0061440 ____A C:\Windows\System32\config\SAM.bak
2012-03-27 11:02 - 2010-06-16 17:55 - 0000000 ____D C:\users\Gary.Jutra
2012-03-27 11:01 - 2012-03-27 11:01 - 0000000 ____A C:\Windows\setuperr.log
2012-03-27 11:01 - 2012-03-27 11:00 - 2354064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-27 10:20 - 2012-03-27 10:20 - 0113440 ____A C:\Users\gary.jutras\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-27 10:14 - 2012-03-21 15:41 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-27 10:14 - 2012-03-21 15:41 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-27 10:06 - 2012-03-27 10:06 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-03-27 10:05 - 2012-03-27 10:23 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\ProgramData\Lavasoft
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2012-03-27 09:45 - 2010-06-16 18:26 - 0025304 _RASH C:\Users\All Users\ntuser.pol
2012-03-27 09:45 - 2010-06-16 18:26 - 0025304 _RASH C:\ProgramData\ntuser.pol
2012-03-26 17:04 - 2010-06-17 11:29 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-26 17:04 - 2010-06-17 11:29 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-26 16:49 - 2010-06-17 04:17 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default\AppData\Roaming\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default\AppData\Local\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default User\AppData\Roaming\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default User\AppData\Local\JetBrains
2012-03-26 10:35 - 2011-09-26 10:34 - 0000468 ____A C:\Windows\Tasks\At4.job
2012-03-26 10:26 - 2011-09-26 10:25 - 0000468 ____A C:\Windows\Tasks\At1.job
2012-03-26 09:18 - 2010-07-09 11:19 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\Deployment
2012-03-26 09:17 - 2010-07-09 11:19 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\Apps\2.0
2012-03-25 18:48 - 2012-03-25 18:48 - 0000000 ____D C:\Program Files (x86)\ESET
2012-03-25 18:48 - 2009-07-14 01:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-03-23 08:49 - 2011-04-08 12:36 - 0000000 ____D C:\svn
2012-03-22 17:39 - 2012-03-22 17:39 - 0044634 ____A C:\TDSSKiller.2.7.22.0_22.03.2012_17.39.23_log.txt
2012-03-22 16:23 - 2010-09-07 12:03 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\RssPopper
2012-03-22 15:38 - 2010-06-21 16:26 - 0000000 ____D C:\Users\gary.jutras\Documents\Visual Studio 2010
2012-03-22 15:18 - 2010-11-17 16:34 - 0000000 ____D C:\Program Files (x86)\jxplorer-3.2.1
2012-03-22 15:17 - 2010-06-17 10:30 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-22 15:13 - 2010-06-29 10:39 - 0000000 ____D C:\Program Files (x86)\RSS Popper
2012-03-22 14:44 - 2012-03-09 10:22 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\PasswordSafe
2012-03-22 11:16 - 2012-01-22 11:46 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Skype
2012-03-22 11:16 - 2010-10-18 22:22 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Media Player Classic
2012-03-22 11:15 - 2010-06-16 18:36 - 0000000 ____D C:\Windows\Panther
2012-03-22 11:11 - 2010-07-12 15:49 - 0000000 ____D C:\Program Files (x86)\CCleaner
2012-03-22 11:07 - 2009-07-13 23:20 - 0000000 __RHD C:\users\Default
2012-03-22 11:07 - 2009-07-13 23:20 - 0000000 ___RD C:\users\Public
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-21 16:34 - 2012-03-21 16:34 - 0046028 ____A C:\TDSSKiller.2.7.22.0_21.03.2012_16.34.19_log.txt
2012-03-21 15:51 - 2012-03-21 15:51 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Safer Networking
2012-03-21 15:51 - 2012-03-21 15:51 - 0000000 ____D C:\Program Files (x86)\Safer Networking
2012-03-21 15:42 - 2012-03-21 15:41 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-21 15:07 - 2010-07-30 10:48 - 0000000 ____D C:\Program Files (x86)\Advanced Diary
2012-03-21 14:49 - 2010-09-10 09:14 - 0000000 ____D C:\HiJackThis
2012-03-21 11:17 - 2011-02-14 11:24 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\ApplicationHistory
2012-03-21 11:16 - 2011-02-14 11:28 - 0000256 ____A C:\Windows\SysWOW64\RfmDat2.dat
2012-03-21 11:10 - 2010-09-13 11:15 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-21 10:50 - 2012-03-21 10:49 - 0001026 ____A C:\rkill.log
2012-03-21 10:47 - 2012-03-21 10:47 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\72A94
2012-03-21 10:47 - 2012-03-21 10:47 - 0000000 ____D C:\Program Files (x86)\947E3
2012-03-20 08:57 - 2010-06-29 07:52 - 0001001 ____A C:\Users\All Users\Start Menu\Programs\Startup\client.lnk
2012-03-20 08:57 - 2010-06-29 07:52 - 0000000 ____D C:\Program Files\avs
2012-03-20 08:55 - 2012-03-20 08:55 - 0004764 ____A C:\Windows\SysWOW64\CcmFramework.ini
2012-03-20 08:55 - 2012-03-20 08:55 - 0000621 ____A C:\Windows\SysWOW64\CcmFramework.h
2012-03-20 08:55 - 2010-06-17 11:06 - 1384864 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-20 08:55 - 2010-06-17 11:06 - 0000000 ____D C:\Windows\SysWOW64\CCM
2012-03-20 08:54 - 2012-03-20 08:54 - 0000000 ____D C:\Windows\ms
2012-03-20 08:50 - 2010-06-16 11:36 - 0003768 _RASH C:\Users\gary.jutras\ntuser.pol
2012-03-20 08:50 - 2010-06-16 11:36 - 0000000 ____D C:\users\gary.jutras
2012-03-19 11:18 - 2011-01-14 14:52 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\Google
2012-03-16 13:40 - 2012-01-16 13:53 - 0000462 ____A C:\Windows\Tasks\At5.job
2012-03-15 15:24 - 2011-05-24 08:55 - 0000000 ____D C:\Program Files (x86)\ToDoList
2012-03-15 08:57 - 2011-02-08 16:35 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Apple Computer
2012-03-14 16:15 - 2011-11-15 12:27 - 0000977 ____A C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-12 16:18 - 2011-09-20 15:59 - 0018631 ____A C:\Users\gary.jutras\Documents\ppm.sql
2012-03-12 15:34 - 2010-08-27 10:07 - 0000000 ____D C:\Users\gary.jutras\Documents\SSMSToolsPack
2012-03-12 12:26 - 2012-03-07 17:47 - 0006448 ____A C:\Users\gary.jutras\Documents\SurgeonToXml.sql
2012-03-09 12:04 - 2010-06-21 07:50 - 0000000 ____D C:\Users\gary.jutras\Documents\Visual Studio 2005
2012-03-09 10:22 - 2012-03-09 10:22 - 0000000 ____D C:\Users\gary.jutras\Documents\My Safes
2012-03-07 23:49 - 2010-06-17 11:02 - 0143008 ____A (McAfee, Inc.) C:\Windows\SysWOW64\KevlarSigs.dll
2012-03-07 16:44 - 2012-03-07 16:44 - 0584405 ____A C:\Users\gary.jutras\Documents\ContactsCompaniesWithUSLatLong.xlsx
2012-03-07 16:10 - 2012-03-07 16:10 - 0146374 ____A C:\Users\gary.jutras\Documents\Companies.xlsx
2012-03-07 16:08 - 2012-03-07 16:08 - 0376471 ____A C:\Users\gary.jutras\Documents\Contacts.xlsx
2012-03-05 16:02 - 2011-03-02 16:36 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\QuickPar
2012-03-02 12:36 - 2011-07-27 15:03 - 0000000 ____D C:\Users\gary.jutras\.android
2012-03-02 12:34 - 2010-10-12 11:30 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\Eclipse
2012-03-02 12:33 - 2011-04-04 13:40 - 0000000 ____D C:\eclipse
2012-03-02 12:10 - 2011-07-27 15:20 - 0000000 ____D C:\Program Files (x86)\Android
2012-02-28 12:05 - 2010-06-16 11:36 - 0000000 ____D C:\Users\gary.jutras\AppData\LocalLow
2012-02-24 12:21 - 2012-02-24 12:21 - 0000000 ____D C:\Program Files (x86)\Service Broker
2012-02-24 12:19 - 2012-02-24 12:19 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2008 DM Content Viewer
2012-02-24 12:13 - 2010-06-21 08:09 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-02-24 12:11 - 2012-02-24 12:11 - 0000000 ____D C:\Program Files\Service Broker
2012-02-24 12:11 - 2012-02-24 12:10 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2008 R2 Upgrade Advisor
2012-02-24 12:02 - 2009-07-13 23:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-02-24 11:59 - 2012-02-24 11:59 - 0000000 ____D C:\Program Files\Microsoft SQL Remote Blob Storage 10.50
2012-02-23 14:55 - 2012-02-23 14:55 - 0003714 ____A C:\Users\gary.jutras\Downloads\image_png
2012-02-22 11:21 - 2012-02-17 10:33 - 0000000 ____D C:\Program Files\Samsung
2012-02-22 11:19 - 2012-02-22 11:19 - 0000000 ____D C:\Users\All Users\Samsung
2012-02-22 11:19 - 2012-02-22 11:19 - 0000000 ____D C:\ProgramData\Samsung
2012-02-22 09:41 - 2009-07-14 01:08 - 0032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-21 14:35 - 2010-06-22 13:13 - 0000000 ___RD C:\Users\gary.jutras\Virtual Machines
2012-02-21 14:35 - 2010-06-16 11:36 - 0000174 ___SH C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-21 14:27 - 2010-06-17 12:45 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-19 12:03 - 2010-06-17 15:44 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-02-19 12:03 - 2010-06-17 15:44 - 0000000 ____D C:\ProgramData\FLEXnet
2012-02-17 16:09 - 2011-05-23 11:20 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-17 09:59 - 2012-02-17 09:59 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Motorola
2012-02-17 09:59 - 2012-02-17 09:59 - 0000000 ____D C:\Program Files\Motorola Inc
2012-02-17 09:59 - 2012-02-17 09:59 - 0000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-02-17 09:59 - 2012-02-17 09:59 - 0000000 ____D C:\Program Files (x86)\Motorola
2012-02-17 02:38 - 2012-03-26 16:35 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-02-17 02:38 - 2012-03-26 16:35 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 01:34 - 2012-03-26 16:35 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-17 00:58 - 2012-03-26 16:35 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-17 00:57 - 2012-03-26 16:35 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 14:15 - 2010-09-28 16:25 - 0000000 ___SD C:\Users\gary.jutras\Documents\SharePoint Drafts
2012-02-10 02:36 - 2012-03-26 16:58 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 01:38 - 2012-03-26 16:58 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-08 10:47 - 2012-02-08 10:47 - 3278322 ____A C:\Users\gary.jutras\Downloads\Tapatalk-v1.12.2-Chris07dx.ipa
2012-02-06 15:29 - 2012-02-06 15:26 - 0000000 ____D C:\Users\gary.jutras\Documents\ArtworkRequestEform
2012-02-03 00:34 - 2012-03-26 16:58 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-26 13:14 - 2012-02-06 17:08 - 0731738 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Turkish.scr
2012-01-26 13:14 - 2012-02-06 17:08 - 0731738 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Turkish.scr
2012-01-26 13:14 - 2012-02-06 17:08 - 0729677 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Italian.scr
2012-01-26 13:14 - 2012-02-06 17:08 - 0729677 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Italian.scr
2012-01-26 13:13 - 2012-02-06 17:08 - 0763578 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Thai.scr
2012-01-26 13:13 - 2012-02-06 17:08 - 0763578 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Thai.scr
2012-01-25 02:38 - 2012-03-26 16:58 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 02:38 - 2012-03-26 16:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 02:33 - 2012-03-26 16:58 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 10:44 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\rescache
2012-01-22 12:01 - 2012-01-22 11:55 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-01-22 11:55 - 2012-01-22 11:55 - 0006462 ____A C:\Windows\System32\lvcoinst.log
2012-01-22 11:55 - 2012-01-22 11:54 - 0000000 ____D C:\Program Files\Common Files\LogiShrd
2012-01-22 11:48 - 2012-01-22 11:46 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-01-22 11:46 - 2012-01-22 11:46 - 0000000 ____D C:\Users\All Users\Skype
2012-01-22 11:46 - 2012-01-22 11:46 - 0000000 ____D C:\ProgramData\Skype
2012-01-18 10:50 - 2010-12-09 14:01 - 0000000 ____D C:\Program Files (x86)\Fiddler2
2012-01-18 10:25 - 2012-01-18 10:25 - 0000000 ____D C:\Users\gary.jutras\Documents\Biztalk
2012-01-17 17:10 - 2012-01-17 17:08 - 0004790 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2012-01-17 17:10 - 2010-07-15 09:51 - 0000000 ____D C:\Program Files (x86)\Java
2012-01-17 16:49 - 2010-06-21 16:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-01-17 16:49 - 2009-07-14 01:32 - 0000000 ____D C:\Program Files\MSBuild
2012-01-17 15:13 - 2010-06-21 14:05 - 0000000 ____D C:\Program Files (x86)\Microsoft SDKs
2012-01-17 15:12 - 2012-01-17 15:12 - 0000000 ____D C:\Users\All Users\VS
2012-01-17 15:12 - 2012-01-17 15:12 - 0000000 ____D C:\ProgramData\VS
2012-01-17 13:59 - 2010-07-21 11:56 - 0000000 ____D C:\Windows\Cluster
2012-01-17 13:42 - 2010-09-07 12:17 - 0000039 ____A C:\Windows\vbaddin.ini
2012-01-17 11:37 - 2010-06-21 12:12 - 0000000 ____D C:\Program Files\Microsoft SQL Server
2012-01-17 10:59 - 2012-01-17 10:59 - 0000000 ____D C:\Program Files\Microsoft BizTalk Adapter Pack(x64)
2012-01-17 10:34 - 2012-01-17 10:34 - 0000000 ____D C:\Program Files (x86)\Microsoft BizTalk Adapter Pack
2012-01-17 10:17 - 2012-01-17 10:17 - 0000000 ____D C:\Program Files (x86)\WCF LOB Adapter SDK
2012-01-17 10:17 - 2012-01-17 10:16 - 0000000 ____D C:\Program Files\WCF LOB Adapter SDK
2012-01-17 10:14 - 2012-01-17 10:13 - 0000000 ____D C:\Program Files (x86)\Microsoft BizTalk Adapters for Enterprise Applications
2012-01-17 09:04 - 2012-02-06 17:08 - 0760073 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Korean.scr
2012-01-17 09:04 - 2012-02-06 17:08 - 0760073 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Korean.scr
2012-01-17 09:02 - 2012-02-06 17:08 - 0765726 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Japanese.scr
2012-01-17 09:02 - 2012-02-06 17:08 - 0765726 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Japanese.scr
2012-01-16 13:57 - 2012-01-16 13:33 - 0000000 ____D C:\Program Files (x86)\Microsoft BizTalk Server 2010
2012-01-16 13:53 - 2012-01-16 13:31 - 0000000 ____D C:\Program Files\Common Files\Enterprise Single Sign-On
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\avscc_settings
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Roaming\Realtime Soft
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Roaming\Ditto
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Roaming\Avamar
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Local\Red Gate
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Local\FeedDemon
2012-01-16 13:52 - 2012-01-16 13:51 - 0000000 ___RD C:\Users\Gary.Jutra\Virtual Machines
2012-01-16 13:52 - 2010-06-16 18:17 - 0008224 ____A C:\Users\Gary.Jutra\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-16 13:52 - 2010-06-16 17:55 - 0000174 ___SH C:\Users\Gary.Jutra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-16 13:51 - 2012-01-16 13:51 - 0000008 _RASH C:\Users\Gary.Jutra\ntuser.pol
2012-01-16 13:51 - 2012-01-16 13:51 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Roaming\Intel
2012-01-16 13:51 - 2012-01-16 13:51 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Local\Verdiem
2012-01-16 13:51 - 2010-06-16 17:55 - 0000000 ____D C:\Users\Gary.Jutra\AppData\LocalLow
2012-01-16 13:31 - 2010-06-21 13:14 - 0000000 ____D C:\Program Files\SQLXML 4.0
2012-01-16 13:31 - 2010-06-21 13:14 - 0000000 ____D C:\Program Files (x86)\SQLXML 4.0
2012-01-13 16:33 - 2012-02-06 17:08 - 0767208 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-ChineseTraditional.scr
2012-01-13 16:33 - 2012-02-06 17:08 - 0767208 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-ChineseTraditional.scr
2012-01-12 14:57 - 2012-02-06 17:08 - 0730945 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-SpanishLATAM.scr
2012-01-12 14:57 - 2012-02-06 17:08 - 0730945 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-SpanishLATAM.scr
2012-01-12 14:55 - 2012-02-06 17:08 - 0762740 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-ChineseSimplified.scr
2012-01-12 14:55 - 2012-02-06 17:08 - 0762740 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-ChineseSimplified.scr
2012-01-12 14:55 - 2012-02-06 17:08 - 0730434 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-SpanishEurope.scr
2012-01-12 14:55 - 2012-02-06 17:08 - 0730434 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-SpanishEurope.scr
2012-01-12 14:54 - 2012-02-06 17:08 - 0733165 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Russian.scr
2012-01-12 14:54 - 2012-02-06 17:08 - 0733165 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Russian.scr
2012-01-12 14:54 - 2012-02-06 17:08 - 0730967 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-PortugueseEurope.scr
2012-01-12 14:54 - 2012-02-06 17:08 - 0730967 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-PortugueseEurope.scr
2012-01-12 14:53 - 2012-02-06 17:08 - 0730909 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-PortugueseBrazil.scr
2012-01-12 14:53 - 2012-02-06 17:08 - 0730909 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-PortugueseBrazil.scr
2012-01-12 14:52 - 2012-02-06 17:08 - 0731597 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Polish.scr
2012-01-12 14:52 - 2012-02-06 17:08 - 0731597 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Polish.scr
2012-01-12 14:52 - 2012-02-06 17:08 - 0731045 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Malay.scr
2012-01-12 14:52 - 2012-02-06 17:08 - 0731045 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Malay.scr
2012-01-12 14:51 - 2012-02-06 17:08 - 0732075 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-German.scr
2012-01-12 14:51 - 2012-02-06 17:08 - 0732075 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-German.scr
2012-01-12 14:51 - 2012-02-06 17:08 - 0731154 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Hungarian.scr
2012-01-12 14:51 - 2012-02-06 17:08 - 0731154 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Hungarian.scr
2012-01-12 14:50 - 2012-02-06 17:08 - 0732289 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Greek.scr
2012-01-12 14:50 - 2012-02-06 17:08 - 0732289 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Greek.scr
2012-01-12 14:50 - 2012-02-06 17:08 - 0730338 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-FrenchEurope.scr
2012-01-12 14:50 - 2012-02-06 17:08 - 0730338 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-FrenchEurope.scr
2012-01-12 14:48 - 2012-02-06 17:08 - 0730309 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-FrenchCanadian.scr
2012-01-12 14:48 - 2012-02-06 17:08 - 0730309 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-FrenchCanadian.scr
2012-01-12 14:47 - 2012-02-06 17:08 - 0730318 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Dutch.scr
2012-01-12 14:47 - 2012-02-06 17:08 - 0730318 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Dutch.scr
2012-01-12 14:44 - 2012-02-06 17:08 - 0731140 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreenSaver-Danish.scr
2012-01-12 14:44 - 2012-02-06 17:08 - 0731140 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreenSaver-Danish.scr
2012-01-05 11:47 - 2012-01-05 11:47 - 0000000 ____D C:\Program Files (x86)\JetBrains
2012-01-04 06:44 - 2012-02-21 13:09 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 06:44 - 2012-02-21 13:09 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 04:59 - 2012-02-21 13:09 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 04:58 - 2012-02-21 13:09 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 7089.82 MB
Available physical RAM: 5965.57 MB
Total Pagefile: 11184.02 MB
Available Pagefile: 10188.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:97.93 GB) NTFS
3 Drive k: (465GigWDElements) (Fixed) (Total:465.76 GB) (Free:197.79 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 K 465GigWDEle NTFS Partition 465 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-30 09:29

======================= End Of Log ==========================

#4 gringo_pr

Posted 30 March 2012 - 01:03 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#5 gjutras

Posted 30 March 2012 - 01:16 PM

Hi Gringo,

Here's the OTL.txt

OTL logfile created on: 3/30/2012 2:05:58 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = K:\packages\Ad-Aware
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.92 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 24.59% Memory free
10.92 Gb Paging File | 6.22 Gb Available in Paging File | 56.93% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 97.79 Gb Free Space | 32.82% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 194.82 Gb Free Space | 41.83% Space Free | Partition Type: NTFS

Computer Name: TAMANS-JUTRAGA1 | User Name: gary.jutras | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - K:\packages\Ad-Aware\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5w.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files (x86)\Ditto\Ditto.exe ()
PRC - C:\Program Files (x86)\FeedDemon\FeedDemon.exe (NewsGator Technologies, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft BizTalk Server 2010\BTSNTSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Microsoft BizTalk\RuleEngineUpdateService.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe (NirSoft)
PRC - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Quest Software\Toad for Data Analysts 2.7\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
PRC - C:\oracle\product\11.2.0\client_1\bin\omtsreco.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSession.exe (Verdiem Corporation)
PRC - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSD.exe (Verdiem Corporation)
PRC - C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\SafeBoot\SbTokWatch.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\SafeBoot\SbClientManager.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe ()
PRC - C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe (Red Gate Software Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e310c89edd37695bcf8372dff46370b8\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d69f6f53b86422a1993307c96237a12f\Microsoft.SqlServer.PolicyEnum.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\32d82f6476f0bdf5f75626e8661f19ee\Microsoft.SqlServer.BatchParserClient.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\7128f12b90731d1d37e4bae44e2130a9\Microsoft.TeamFoundation.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\904dbc41aa5dfeeb380c664c6114487f\Microsoft.TeamFoundation.VersionControl.Client.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\369c57483c270a3c91dc8ccd085022cb\Microsoft.TeamFoundation.VersionControl.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\2bfcce97cbceae59434318c934e8a9ce\Microsoft.TeamFoundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\4a5582316a74f2cef2ce78a1d2b08ea1\Microsoft.TeamFoundation.Common.Library.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\6f597ad62cf478180537385222f7e35e\Microsoft.TeamFoundation.Client.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ObjectExplorerRepli#\272f15060cf4491a4c8de94a7075a1f5\ObjectExplorerReplication.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bca1f42a8a94dcae2a4c90385a3b995d\Microsoft.SqlServer.Management.SqlStudio.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fa5d66b92cfd21184aaa853bfe9260f8\Microsoft.SqlServer.Management.SqlStudio.Explorer.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ObjectExplorer\0b9f97cf12b85d4f3221cb5d4223f966\ObjectExplorer.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\881342ce654d504e0b802532528e8652\Microsoft.SqlServer.Management.Reports.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\AppIDPackage\1d77cb2ec53615fbc50c6a05d393cd95\AppIDPackage.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\41467047cf75787d4c7b3a700c3d70c2\Microsoft.SqlServer.SqlTools.VSIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cc885cc77191f924790be4bbacd307e8\Microsoft.SqlServer.Management.SDK.SqlStudio.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6f8a8d0245e4b38cf697dc943238b08f\Microsoft.SqlServer.Management.UserSettings.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d0610255e064a122860009920689a6ac\Microsoft.SqlServer.Sqm.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\a1f83cc9a81e5e0c8e1197ec7578bf53\Microsoft.DataWarehouse.SQM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4760ab1464787ed993c88b870a140d46\Microsoft.SqlServer.Management.RegisteredServers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ConnectionDlg\b07e27fd566438f740458e6c6eca92fc\ConnectionDlg.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3da8d79c33bac43c3b2cf96dd122b0ef\Microsoft.SqlServer.Management.Controls.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SqlMgmt\6d619adc5390a022bc6662d605c2a4c7\SqlMgmt.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SqlWorkbench.Interf#\de2756ac18bcaf38e8cdc201c4095a12\SqlWorkbench.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ad5cbd8dcdd4d99b5b1320bc8a5fb5df\Microsoft.SqlServer.Dmf.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b153fafc3a9840ff6deeeffb92671c0c\Microsoft.SqlServer.SqlEnum.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\08aa1af2df47fb9375f882b8148212b2\Microsoft.SqlServer.Smo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\14edbb8fd97c908f5ce7ae161946b71a\Microsoft.VisualStudio.Shell.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\d90cf5ec364332e330905a7651333684\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\05c4407d357b123efbaa53a9e72021da\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6d83047b81e9aa3625166547faa5abc7\Microsoft.SqlServer.ConnectionInfo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fe480b7deeb8c67798d6901657745f60\Microsoft.SqlServer.RegSvrEnum.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6a59627c7d11e3be98243b9089a2cfbf\Microsoft.SqlServer.Diagnostics.STrace.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0a0a5da75c769055cc65c5ef91fe1162\Microsoft.SqlServer.SqlTDiagM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\a09d397c3a4eb60b04a0628cc187ce34\System.Drawing.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\f89f5d786e54381f9058656271a0aca8\System.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\dabf656f7b4cf7a29e14921bab70e339\System.Data.SqlXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\msvcm80\92bff654819a494f41adce71a8946802\msvcm80.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7c3bc893fd855cade498568757e92af8\Microsoft.SqlServer.SString.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\42ea027de9db76ba92177aca1f9a8b9f\Microsoft.SqlServer.SqlClrProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f695c1ceadf135ef5e87ad2398cd02d6\Microsoft.SqlServer.BatchParser.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.BatchParser.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommandBars.dll ()
MOD - C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f621531400b2c9f61e8691245b1be603\Microsoft.VisualStudio.Designer.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\9833fdb27533fa9c3508155beb9e2ecf\EnvDTE80.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a2a492495fc60cf8a2e84582c67ecdb5\Microsoft.SqlServer.Instapi.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\2274b7340af62daf9518bf499510fd3d\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\d2874b2a5834dd2478d8d57697f03735\EnvDTE.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\650086da87ba0b627394772b8c8a4fb5\stdole.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fe36242e0e9433a128279f3f58d705a8\Microsoft.VisualStudio.Shell.Interop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1210b742b40935a614082b6358c5b9a3\Microsoft.VisualStudio.OLE.Interop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6d0f6406d41385b27bd90c1e3f2a1b09\Microsoft.VisualStudio.TextManager.Interop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Ditto\Ditto.exe ()
MOD - C:\Program Files (x86)\Ditto\focus.dll ()
MOD - C:\Program Files (x86)\Ditto\sqlite3.dll ()
MOD - C:\Program Files (x86)\Ditto\zlib1.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\GNU\libxml2.dll ()
MOD - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\wodTelnetDLX.ocx ()
MOD - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\uejs.dll ()
MOD - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\idm_tidylib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\office.dll ()
MOD - C:\Program Files (x86)\Red Gate\SQL Refactor 1\1033\SqlRefactorTopMenuDecoration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommonIDE.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll ()
MOD - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSessionPS.dll ()
MOD - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSDps.dll ()
MOD - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\log4cxx.dll ()
MOD - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\libexpatw.dll ()
MOD - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\GNU\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
MOD - C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe ()
MOD - C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\x86\TfsComProviderStub.DLL ()
MOD - C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avbackup) -- C:\Program Files\avs\bin\avagent.exe (EMC Corporation)
SRV:64bit: - (Synergy Server) -- C:\Program Files\Synergy\synergys.exe ()
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe ()
SRV:64bit: - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe ()
SRV:64bit: - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe ()
SRV:64bit: - (ENTSSO) -- C:\Program Files\Common Files\Enterprise Single Sign-On\ENTSSO.exe (Microsoft Corporation)
SRV:64bit: - (ANTS Memory Profiler 5 Service) -- C:\Program Files\Red Gate\ANTS Memory Profiler 5\RedGate.Memory.IISService.exe (Red Gate Software Ltd.)
SRV:64bit: - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (c2wts) -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation)
SRV:64bit: - (FMAuditAgent) -- C:\Program Files\FMAudit, LLC\FMAudit Agent\fmaagent.exe (FMAudit, LLC)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (pcradminserver) -- C:\Windows\SysNative\netbt.dll (Oak Technology Inc.)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (ANTS Performance Profiler 5 Service) -- C:\Program Files\Red Gate\ANTS Performance Profiler 5\RedGate.Profiler.IISService.exe (Red Gate Software Ltd.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (Tomcat5) -- C:\Program Files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5.exe (Apache Software Foundation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe (McAfee, Inc.)
SRV - (BTSSvc$BizTalkServerApplication) -- C:\Program Files (x86)\Microsoft BizTalk Server 2010\BTSNTSvc.exe (Microsoft Corporation)
SRV - (RuleEngineUpdateService) -- C:\Program Files (x86)\Common Files\Microsoft BizTalk\RuleEngineUpdateService.exe (Microsoft Corporation)
SRV - (hips) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe (McAfee, Inc.)
SRV - (enterceptAgent) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.)
SRV - (DB2MGMTSVC_TACOM27) DB2 Management Service (TACOM27) -- C:\Program Files (x86)\Quest Software\Toad for Data Analysts 2.7\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
SRV - (SSBExternalActivator) -- C:\Program Files (x86)\Service Broker\External Activator\Bin\ssbeas.exe (Microsoft Corporation)
SRV - (OracleMTSRecoveryService) -- C:\oracle\product\11.2.0\client_1\bin\omtsreco.exe (Oracle Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (Cwbrxd) -- C:\Windows\cwbrxd.exe (IBM Corporation)
SRV - (FLCDLOCK) -- C:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SurveyorSD) -- C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSD.exe (Verdiem Corporation)
SRV - (CcmExec) -- C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\SysWOW64\CCM\TSManager.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SafeBootClientManager) -- C:\Program Files (x86)\SafeBoot\SbClientManager.exe (McAfee, Inc.)
SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (BMFMySQL) -- C:\ProgramData\Quest Software\BMF\Repository\MySQL\bin\mysqld-max-nt.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (RsFx0151) -- C:\Windows\SysNative\drivers\RsFx0151.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mfetdik) -- C:\Windows\SysNative\drivers\mfetdik.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (HIPK) -- C:\Windows\SysNative\drivers\HIPK.sys (McAfee, Inc.)
DRV:64bit: - (HIPPSK) -- C:\Windows\SysNative\drivers\HIPPSK.sys (McAfee, Inc.)
DRV:64bit: - (HIPQK) -- C:\Windows\SysNative\drivers\HIPQK.sys (McAfee, Inc.)
DRV:64bit: - (FireTDI) -- C:\Windows\SysNative\drivers\FireTDI.sys (McAfee, Inc.)
DRV:64bit: - (FirePM) -- C:\Windows\SysNative\drivers\FirePM.sys (McAfee, Inc.)
DRV:64bit: - (firelm01) -- C:\Windows\SysNative\drivers\firelm01.sys (McAfee, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (e1kexpress) Intel® -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Development Company L.P.)
DRV:64bit: - (LVUVC64) Logitech QuickCam S5500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (SBAlg) -- C:\Windows\SysNative\drivers\sbalg.sys (SafeBoot N.V.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (SbRegFlt) -- C:\Windows\SysNative\drivers\sbregflt.sys (McAfee, Inc.)
DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\sbfslock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\rsvlock.sys (McAfee, Inc.)
DRV:64bit: - (SbFlop) -- C:\Windows\SysNative\drivers\sbflop.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\safeboot.sys ()
DRV:64bit: - (FirehkMP) -- C:\Windows\SysNative\drivers\firehk.sys (McAfee, Inc.)
DRV:64bit: - (Firehk) -- C:\Windows\SysNative\drivers\firehk.sys (McAfee, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (prepdrvr) -- C:\Windows\SysWOW64\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (SBAlg) -- C:\Windows\SysWow64\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SbRegFlt) -- C:\Windows\SysWow64\drivers\SbRegFlt.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\Windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\Windows\SysWow64\drivers\RsvLock.sys (McAfee, Inc.)
DRV - (SbFlop) -- C:\Windows\SysWow64\drivers\SbFlop.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\Windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)
DRV - (VSPerfDrv90) -- C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes,DefaultScope = {C217808B-7D1E-4E41-96DA-01F9F6D702CF}
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes\{B6C47120-413B-410F-ABE5-29B2E9A0E900}: "URL" = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes\{C217808B-7D1E-4E41-96DA-01F9F6D702CF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes\{E75378C6-DF1B-4B85-9DEA-FA237DAA470A}: "URL" = http://www.pricestalker.net/ProductSearch.aspx?keyword={searchTerms}
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes\{F73820C6-8FD0-4562-8276-DB5E335F4768}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://Pulse
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes,DefaultScope = {C217808B-7D1E-4E41-96DA-01F9F6D702CF}
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes\{B6C47120-413B-410F-ABE5-29B2E9A0E900}: "URL" = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes\{C217808B-7D1E-4E41-96DA-01F9F6D702CF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes\{E75378C6-DF1B-4B85-9DEA-FA237DAA470A}: "URL" = http://www.pricestalker.net/ProductSearch.aspx?keyword={searchTerms}
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes\{F73820C6-8FD0-4562-8276-DB5E335F4768}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4238
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}:5.0.22
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.3.7.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.2.9
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61636
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gary.jutras\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gary.jutras\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2012/01/18 10:50:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/05/10 08:50:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/06/22 07:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 10:54:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/27 10:54:25 | 000,000,000 | ---D | M]

[2010/09/13 11:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gary.jutras\AppData\Roaming\mozilla\Extensions
[2010/07/07 10:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gary.jutras\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/03/09 15:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gary.jutras\AppData\Roaming\mozilla\Firefox\Profiles\92ip19u4.default\extensions
[2010/09/20 09:00:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\gary.jutras\AppData\Roaming\mozilla\Firefox\Profiles\92ip19u4.default\extensions\LogMeInClient@logmein.com
[2012/03/22 09:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/22 11:48:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/03 16:12:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
[2011/04/01 09:52:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/01/18 10:50:39 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK
[2011/06/22 07:51:44 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/05/10 08:50:57 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\gary.jutras\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\gary.jutras\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\gary.jutras\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\gary.jutras\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Microsoft Web Test Recorder Helper) - {62355041-605D-4469-84FD-5D66ED67A7E3} - C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll (Microsoft Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Wireless Driver Update] C:\Windows\Tools\Wireless\UpdateWireless_Local.vbs ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SafeBootTokenWatcher] C:\Program Files (x86)\SafeBoot\SbTokWatch.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [SurveyorSession] C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSession.exe (Verdiem Corporation)
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [FeedDemon] C:\Program Files (x86)\FeedDemon\FeedDemon.exe (NewsGator Technologies, Inc.)
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [Push Client] C:\Users\gary.jutras\AppData\Local\ATT Connect\Participant\pull.exe (AT&T Inc.)
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [SansaDispatch] C:\Users\Gary.Jutra\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe File not found
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [Volumouse] C:\Program Files\NirSoft\VoluMouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [Volumouse32] C:\Program Files (x86)\NirSoft\VoluMouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [ApacheTomcatMonitor5.5_Tomcat5] C:\Program Files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5w.exe (Apache Software Foundation)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [FeedDemon] C:\Program Files (x86)\FeedDemon\FeedDemon.exe (NewsGator Technologies, Inc.)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [MusicManager] C:\Users\gary.jutras\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [Push Client] C:\Users\gary.jutras\AppData\Local\ATT Connect\Participant\pull.exe (AT&T Inc.)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [SansaDispatch] C:\Users\gary.jutras\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [Volumouse] C:\Program Files\NirSoft\VoluMouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [Volumouse32] C:\Program Files (x86)\NirSoft\VoluMouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\gary.jutras\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_22\bin\NPJPI150_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: na-applications ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: compliancewire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: covidien.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: kaplanwire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: knowledgewire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: mkg.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: tamans-it08v ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: thcg.net ([]* in Local intranet)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: compliancewire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: covidien.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: covidien.com ([sso] * in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: covidien.com ([webmail] * in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: kaplanwire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: knowledgewire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: mkg.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: symanteccloud.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: tamans-it08v ([]http in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: TAMANS-SM02 ([]File in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: thcg.net ([]* in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: thcg.net ([TAMANS-SM02] File in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Ranges: Range2 ([*] in Local intranet)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} http://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab (JavaPlugin.Object)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} http://tamans-it08v:8080/qcbin/Spider91.cab (Loader Class v4)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://btc.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://dr-remote.covidien.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Web-Based Email Tools http://email05.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.202.107 10.0.202.108 10.0.202.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thcg.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2130A9D8-234E-4ECC-947F-7C161C30F219}: NameServer = 10.0.202.108,10.0.202.107
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D46210D-D2B5-4F53-91C6-DDF493DDBB4E}: DhcpNameServer = 10.0.202.107 10.0.202.108 10.0.202.109
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\qrev - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files (x86)\Quest Software\Toad for Oracle 10.6\RNetPin.dll ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/20 12:44:12 | 000,000,000 | R--D | M] - K:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 12:45:13 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/03/30 12:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012/03/30 10:34:34 | 000,047,080 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\HIPIS0e011b5.dll
[2012/03/30 10:34:34 | 000,040,328 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysWow64\HIPIS0e011b5.dll
[2012/03/30 10:25:02 | 000,000,000 | ---D | C] -- C:\FRST
[2012/03/29 11:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/29 11:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/29 11:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/29 11:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/27 12:09:11 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/27 11:53:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/27 11:51:29 | 000,200,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SafeBoot.scr
[2012/03/27 11:40:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/27 10:06:00 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/03/27 10:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/03/27 10:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/03/27 10:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/03/26 16:58:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/26 16:58:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/26 16:58:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/26 16:58:03 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/26 16:35:54 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/03/26 16:35:54 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/26 16:35:53 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/25 18:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/22 11:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/22 09:39:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/21 15:51:57 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\AppData\Roaming\Safer Networking
[2012/03/21 15:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/03/21 15:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/03/21 15:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/21 15:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/21 15:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/03/21 10:57:18 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\AppData\Roaming\Malwarebytes
[2012/03/21 10:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/21 10:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/21 10:57:09 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/21 10:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/21 10:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\947E3
[2012/03/21 10:47:04 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\AppData\Roaming\72A94
[2012/03/20 08:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMC Avamar
[2012/03/20 08:55:06 | 000,930,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ccmcore.dll
[2012/03/20 08:55:06 | 000,026,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xprslib.dll
[2012/03/20 08:54:15 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2012/03/19 11:18:26 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2012/03/09 10:22:15 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\Documents\My Safes
[2012/03/09 10:22:09 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\AppData\Local\PasswordSafe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/30 14:05:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-661013750-2036339787-1844936127-200531UA.job
[2012/03/30 12:45:49 | 000,017,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 12:45:48 | 000,017,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/30 10:48:28 | 001,367,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/30 10:48:28 | 001,075,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/30 10:48:28 | 000,274,248 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/30 10:42:33 | 000,000,475 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/03/30 10:38:18 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/30 10:35:04 | 000,127,577 | ---- | M] () -- C:\Windows\SysWow64\api_hook_list.dat
[2012/03/30 10:35:03 | 000,002,033 | ---- | M] () -- C:\Windows\SysNative\api_hook_list.dat
[2012/03/30 10:34:47 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/03/30 10:33:55 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/03/30 10:33:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/30 10:33:20 | 1280,692,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 10:05:42 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/30 10:05:42 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/30 09:05:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-661013750-2036339787-1844936127-200531Core.job
[2012/03/30 08:44:20 | 000,002,128 | -H-- | M] () -- C:\Users\gary.jutras\Documents\Default.rdp
[2012/03/29 15:14:49 | 000,000,703 | ---- | M] () -- C:\Windows\NewsRover.INI
[2012/03/29 09:25:05 | 000,001,256 | ---- | M] () -- C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/27 11:51:29 | 000,200,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\SafeBoot.scr
[2012/03/27 11:01:02 | 002,354,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/27 10:06:00 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/03/27 10:05:58 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/03/27 09:45:08 | 000,025,304 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/26 10:35:11 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/03/26 10:26:01 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/03/21 11:16:35 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\RfmDat2.dat
[2012/03/20 08:57:53 | 000,001,001 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\client.lnk
[2012/03/20 08:55:07 | 001,384,864 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/20 08:55:06 | 000,004,764 | ---- | M] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/03/20 08:55:06 | 000,000,621 | ---- | M] () -- C:\Windows\SysWow64\CcmFramework.h
[2012/03/20 08:50:39 | 000,003,768 | RHS- | M] () -- C:\Users\gary.jutras\ntuser.pol
[2012/03/16 13:40:43 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/03/14 16:15:45 | 000,000,977 | ---- | M] () -- C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/12 16:18:46 | 000,018,631 | ---- | M] () -- C:\Users\gary.jutras\Documents\ppm.sql
[2012/03/12 12:26:42 | 000,006,448 | ---- | M] () -- C:\Users\gary.jutras\Documents\SurgeonToXml.sql
[2012/03/07 23:49:06 | 000,143,008 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysWow64\KevlarSigs.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/30 10:35:03 | 000,127,577 | ---- | C] () -- C:\Windows\SysWow64\api_hook_list.dat
[2012/03/30 10:35:03 | 000,002,033 | ---- | C] () -- C:\Windows\SysNative\api_hook_list.dat
[2012/03/30 10:21:20 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/27 11:52:26 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/03/27 11:00:41 | 002,354,064 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/27 10:23:42 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/03/27 10:03:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/27 10:03:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/20 08:55:06 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/03/20 08:55:06 | 000,000,621 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.h
[2012/03/07 17:47:20 | 000,006,448 | ---- | C] () -- C:\Users\gary.jutras\Documents\SurgeonToXml.sql
[2012/03/07 16:13:45 | 002,497,570 | ---- | C] () -- C:\Users\gary.jutras\Documents\zipcode.csv
[2011/12/16 12:49:13 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2011/08/18 08:00:14 | 000,190,508 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/17 12:55:55 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/06/14 13:14:48 | 000,000,483 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/28 12:20:24 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/05/28 12:20:23 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/05/28 12:20:23 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/05/28 12:20:23 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/05/28 12:20:23 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/05/28 12:20:23 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/05/28 12:20:23 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/05/28 12:20:23 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/05/28 12:20:23 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/05/28 12:20:23 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/05/28 12:20:23 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/05/28 12:20:23 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/05/28 12:20:23 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/05/28 12:20:23 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/05/28 12:20:23 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/05/28 12:20:23 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/05/24 14:15:33 | 000,000,982 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\1E09F71F.il
[2011/05/24 14:15:33 | 000,000,280 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\IndexIE_1E09F71F.il
[2011/04/08 13:09:02 | 000,000,600 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\PUTTY.RND
[2011/02/14 11:28:20 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\RfmDat2.dat
[2011/02/14 11:27:08 | 000,000,099 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\fusioncache.dat
[2011/02/03 12:53:01 | 000,005,120 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/03 16:32:39 | 000,110,631 | ---- | C] () -- C:\Windows\News Rover Uninstaller.exe
[2010/11/09 10:27:21 | 000,000,703 | ---- | C] () -- C:\Windows\NewsRover.INI
[2010/10/18 11:35:04 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/10/15 11:07:37 | 000,036,972 | ---- | C] () -- C:\Windows\SysWow64\ActPanel.dll
[2010/09/13 11:15:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/09 14:56:05 | 000,004,096 | -H-- | C] () -- C:\Users\gary.jutras\AppData\Local\keyfile3.drm
[2010/07/30 10:50:09 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/21 11:57:42 | 000,001,311 | ---- | C] () -- C:\Windows\SysWow64\DfsMgmt.dll.config
[2010/07/21 11:56:59 | 000,001,315 | ---- | C] () -- C:\Windows\DfsrAdmin.exe.config
[2010/07/15 09:54:30 | 000,051,304 | ---- | C] () -- C:\Windows\SysWow64\drivers\atnt40k.sys
[2010/06/22 15:33:11 | 000,000,231 | ---- | C] () -- C:\Windows\mercury.ini
[2010/06/17 16:10:06 | 000,256,560 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2010/06/17 16:10:06 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2010/06/17 16:10:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010/06/17 11:44:16 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/06/17 11:44:16 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/06/17 11:44:16 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/06/17 11:44:16 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/06/17 11:44:16 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/06/17 11:44:16 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/06/17 11:35:27 | 000,001,232 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/17 11:06:21 | 001,384,864 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/17 11:06:11 | 000,000,475 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/06/17 10:12:50 | 000,007,591 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\resmon.resmoncfg
[2010/06/16 18:26:03 | 000,025,304 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/01 12:07:18 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign

< End of report >

#6 gringo_pr

Posted 30 March 2012 - 03:18 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [SansaDispatch] C:\Users\Gary.Jutra\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe File not found
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O16 - DPF: {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_20-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: Web-Based Email Tools http://email05.secureserver.net/Download.CAB (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\qrev - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    SRV:64bit: - (pcradminserver) -- C:\Windows\SysNative\netbt.dll (Oak Technology Inc.)
      
    :files
    C:\windows\tasks\At*.job
    C:\Windows\SysNative\netbt.dll
    [2012/03/30 10:33:55 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#7 gjutras


Posted 30 March 2012 - 03:37 PM

It looks like the commands all worked as intended, but the popups are still happening.

Report follows:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2264471342-2409993175-2669358546-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SansaDispatch deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Starting removal of ActiveX control {CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
c:\winnt\Downloaded Program Files\jinstall_1_3_1_20.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2264471342-2409993175-2669358546-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2264471342-2409993175-2669358546-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2264471342-2409993175-2669358546-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control Web-Based Email Tools
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\qrev\ deleted successfully.
File Protocol\Handler\qrev - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\ deleted successfully.
Service pcradminserver stopped successfully!
Service pcradminserver deleted successfully!
C:\Windows\SysNative\netbt.dll moved successfully.
========== FILES ==========
C:\windows\tasks\At1.job moved successfully.
C:\windows\tasks\At4.job moved successfully.
C:\windows\tasks\At5.job moved successfully.
File\Folder C:\Windows\SysNative\netbt.dll not found.
Invalid Switch: 30 10:33:55 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
K:\packages\Ad-Aware\cmd.bat deleted successfully.
K:\packages\Ad-Aware\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: app.gary.jutras

User: ASP.NET V2.0

User: ASP.NET v4.0

User: ASP.NET v4.0 Classic

User: Classic .NET AppPool

User: classicasp

User: Default

User: Default User

User: DefaultAppPool

User: Gary.Jutra

User: gary.jutras
->Java cache emptied: 31012308 bytes

User: GARY~2~JUT

User: Public

Total Java Files Cleaned = 30.00 mb


[EMPTYFLASH]

User: All Users

User: app.gary.jutras

User: ASP.NET V2.0

User: ASP.NET v4.0

User: ASP.NET v4.0 Classic
->Flash cache emptied: 56466 bytes

User: Classic .NET AppPool

User: classicasp

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool

User: Gary.Jutra

User: gary.jutras
->Flash cache emptied: 60340 bytes

User: GARY~2~JUT

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03302012_163227

#8 gringo_pr


Posted 30 March 2012 - 08:25 PM

Rerun OTL again for me please


gringo

#9 gringo_pr


Posted 01 April 2012 - 11:24 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#10 gjutras


Posted 02 April 2012 - 07:55 AM

Sorry, was away for the weekend.

Here's the OTL log:

OTL logfile created on: 4/2/2012 8:38:54 AM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = K:\packages\Ad-Aware
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.92 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 17.64% Memory free
10.92 Gb Paging File | 5.35 Gb Available in Paging File | 48.99% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 97.24 Gb Free Space | 32.63% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 194.82 Gb Free Space | 41.83% Space Free | Partition Type: NTFS

Computer Name: TAMANS-JUTRAGA1 | User Name: gary.jutras | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - K:\packages\Ad-Aware\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5w.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files (x86)\Ditto\Ditto.exe ()
PRC - C:\Program Files (x86)\FeedDemon\FeedDemon.exe (NewsGator Technologies, Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft BizTalk Server 2010\BTSNTSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Microsoft BizTalk\RuleEngineUpdateService.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe (NirSoft)
PRC - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Quest Software\Toad for Data Analysts 2.7\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
PRC - C:\oracle\product\11.2.0\client_1\bin\omtsreco.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSession.exe (Verdiem Corporation)
PRC - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSD.exe (Verdiem Corporation)
PRC - C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\SafeBoot\SbTokWatch.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\SafeBoot\SbClientManager.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe ()
PRC - C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe (Red Gate Software Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e310c89edd37695bcf8372dff46370b8\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d69f6f53b86422a1993307c96237a12f\Microsoft.SqlServer.PolicyEnum.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\32d82f6476f0bdf5f75626e8661f19ee\Microsoft.SqlServer.BatchParserClient.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\7128f12b90731d1d37e4bae44e2130a9\Microsoft.TeamFoundation.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\904dbc41aa5dfeeb380c664c6114487f\Microsoft.TeamFoundation.VersionControl.Client.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\369c57483c270a3c91dc8ccd085022cb\Microsoft.TeamFoundation.VersionControl.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\2bfcce97cbceae59434318c934e8a9ce\Microsoft.TeamFoundation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\4a5582316a74f2cef2ce78a1d2b08ea1\Microsoft.TeamFoundation.Common.Library.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.TeamFound#\6f597ad62cf478180537385222f7e35e\Microsoft.TeamFoundation.Client.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SQLEditors\6511429dbf1d72345e908f90dab6d7c0\SQLEditors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ce1a53f591e7d8a770dee2146a828aaf\Microsoft.VisualStudio.Package.LanguageService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\RadLangSvc\2999dfcfe8d106f1f72aee150c860571\RadLangSvc.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ObjectExplorerRepli#\272f15060cf4491a4c8de94a7075a1f5\ObjectExplorerReplication.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bca1f42a8a94dcae2a4c90385a3b995d\Microsoft.SqlServer.Management.SqlStudio.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\71b337250d8bbe0767cb70cf94aa3cd3\Microsoft.SqlServer.Management.Scripting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fa5d66b92cfd21184aaa853bfe9260f8\Microsoft.SqlServer.Management.SqlStudio.Explorer.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e0b892e3e2f8689533edfd55871f98fe\Microsoft.VisualStudio.Shell.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\87c26a8b8831b567bf0233eaaf713ea9\Microsoft.SqlServer.Management.Dac.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ObjectExplorer\0b9f97cf12b85d4f3221cb5d4223f966\ObjectExplorer.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\881342ce654d504e0b802532528e8652\Microsoft.SqlServer.Management.Reports.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\AppIDPackage\1d77cb2ec53615fbc50c6a05d393cd95\AppIDPackage.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\41467047cf75787d4c7b3a700c3d70c2\Microsoft.SqlServer.SqlTools.VSIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cc885cc77191f924790be4bbacd307e8\Microsoft.SqlServer.Management.SDK.SqlStudio.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6f8a8d0245e4b38cf697dc943238b08f\Microsoft.SqlServer.Management.UserSettings.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d0610255e064a122860009920689a6ac\Microsoft.SqlServer.Sqm.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\a1f83cc9a81e5e0c8e1197ec7578bf53\Microsoft.DataWarehouse.SQM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4760ab1464787ed993c88b870a140d46\Microsoft.SqlServer.Management.RegisteredServers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ConnectionDlg\b07e27fd566438f740458e6c6eca92fc\ConnectionDlg.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3da8d79c33bac43c3b2cf96dd122b0ef\Microsoft.SqlServer.Management.Controls.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\dd1738f3f6aea98ed28292549af9fdf3\Microsoft.SqlServer.Management.MultiServerConnection.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e150f9c2970e91d52479a3ac9448baa3\Microsoft.SqlServer.Types.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SqlMgmt\6d619adc5390a022bc6662d605c2a4c7\SqlMgmt.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SqlWorkbench.Interf#\de2756ac18bcaf38e8cdc201c4095a12\SqlWorkbench.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a046e382882e8274d606f98c216d77d7\Microsoft.SqlServer.Management.SqlParser.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ad5cbd8dcdd4d99b5b1320bc8a5fb5df\Microsoft.SqlServer.Dmf.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b153fafc3a9840ff6deeeffb92671c0c\Microsoft.SqlServer.SqlEnum.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\08aa1af2df47fb9375f882b8148212b2\Microsoft.SqlServer.Smo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\14edbb8fd97c908f5ce7ae161946b71a\Microsoft.VisualStudio.Shell.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\d90cf5ec364332e330905a7651333684\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\05c4407d357b123efbaa53a9e72021da\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6d83047b81e9aa3625166547faa5abc7\Microsoft.SqlServer.ConnectionInfo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fe480b7deeb8c67798d6901657745f60\Microsoft.SqlServer.RegSvrEnum.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\744d097550af77adcb0fe384d040a296\Microsoft.SqlServer.GridControl.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5e72edb074b110c927bc4603c1b23a54\Microsoft.SqlServer.DataStorage.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6a59627c7d11e3be98243b9089a2cfbf\Microsoft.SqlServer.Diagnostics.STrace.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0a0a5da75c769055cc65c5ef91fe1162\Microsoft.SqlServer.SqlTDiagM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\a09d397c3a4eb60b04a0628cc187ce34\System.Drawing.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\f89f5d786e54381f9058656271a0aca8\System.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\dabf656f7b4cf7a29e14921bab70e339\System.Data.SqlXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\msvcm80\92bff654819a494f41adce71a8946802\msvcm80.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7c3bc893fd855cade498568757e92af8\Microsoft.SqlServer.SString.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\42ea027de9db76ba92177aca1f9a8b9f\Microsoft.SqlServer.SqlClrProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f695c1ceadf135ef5e87ad2398cd02d6\Microsoft.SqlServer.BatchParser.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.BatchParser.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.VisualStudio.CommandBars\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommandBars.dll ()
MOD - C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f621531400b2c9f61e8691245b1be603\Microsoft.VisualStudio.Designer.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\EnvDTE80\9833fdb27533fa9c3508155beb9e2ecf\EnvDTE80.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a2a492495fc60cf8a2e84582c67ecdb5\Microsoft.SqlServer.Instapi.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ebc47a06c5b05deee44e31844949ec3e\Microsoft.VisualStudio.TextManager.Interop.8.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\2274b7340af62daf9518bf499510fd3d\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\EnvDTE\d2874b2a5834dd2478d8d57697f03735\EnvDTE.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\650086da87ba0b627394772b8c8a4fb5\stdole.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\fe36242e0e9433a128279f3f58d705a8\Microsoft.VisualStudio.Shell.Interop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1210b742b40935a614082b6358c5b9a3\Microsoft.VisualStudio.OLE.Interop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6d0f6406d41385b27bd90c1e3f2a1b09\Microsoft.VisualStudio.TextManager.Interop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Ditto\Ditto.exe ()
MOD - C:\Program Files (x86)\Ditto\focus.dll ()
MOD - C:\Program Files (x86)\Ditto\sqlite3.dll ()
MOD - C:\Program Files (x86)\Ditto\zlib1.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\GNU\libxml2.dll ()
MOD - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\wodTelnetDLX.ocx ()
MOD - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\uejs.dll ()
MOD - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\idm_tidylib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\office.dll ()
MOD - C:\Program Files (x86)\Red Gate\SQL Refactor 1\1033\SqlRefactorTopMenuDecoration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.CommonIDE.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll ()
MOD - C:\Windows\SysWOW64\cwbrw.dll ()
MOD - C:\Windows\SysWOW64\cwbsv.dll ()
MOD - C:\Windows\SysWOW64\cwbnl.dll ()
MOD - C:\Windows\SysWOW64\cwbco.dll ()
MOD - C:\Windows\SysWOW64\cwbad.dll ()
MOD - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSessionPS.dll ()
MOD - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSDps.dll ()
MOD - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\log4cxx.dll ()
MOD - C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\libexpatw.dll ()
MOD - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\GNU\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
MOD - C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe ()
MOD - C:\Program Files (x86)\Microsoft Team Foundation Server 2008 Power Tools\x86\TfsComProviderStub.DLL ()
MOD - C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avbackup) -- C:\Program Files\avs\bin\avagent.exe (EMC Corporation)
SRV:64bit: - (Synergy Server) -- C:\Program Files\Synergy\synergys.exe ()
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe ()
SRV:64bit: - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe ()
SRV:64bit: - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe ()
SRV:64bit: - (ENTSSO) -- C:\Program Files\Common Files\Enterprise Single Sign-On\ENTSSO.exe (Microsoft Corporation)
SRV:64bit: - (ANTS Memory Profiler 5 Service) -- C:\Program Files\Red Gate\ANTS Memory Profiler 5\RedGate.Memory.IISService.exe (Red Gate Software Ltd.)
SRV:64bit: - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (c2wts) -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation)
SRV:64bit: - (FMAuditAgent) -- C:\Program Files\FMAudit, LLC\FMAudit Agent\fmaagent.exe (FMAudit, LLC)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (ssm_bus) -- C:\Windows\SysNative\bgmainsvc.dll (Oak Technology Inc.)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (ANTS Performance Profiler 5 Service) -- C:\Program Files\Red Gate\ANTS Performance Profiler 5\RedGate.Profiler.IISService.exe (Red Gate Software Ltd.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (Tomcat5) -- C:\Program Files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5.exe (Apache Software Foundation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe (McAfee, Inc.)
SRV - (BTSSvc$BizTalkServerApplication) -- C:\Program Files (x86)\Microsoft BizTalk Server 2010\BTSNTSvc.exe (Microsoft Corporation)
SRV - (RuleEngineUpdateService) -- C:\Program Files (x86)\Common Files\Microsoft BizTalk\RuleEngineUpdateService.exe (Microsoft Corporation)
SRV - (hips) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe (McAfee, Inc.)
SRV - (enterceptAgent) -- C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.)
SRV - (DB2MGMTSVC_TACOM27) DB2 Management Service (TACOM27) -- C:\Program Files (x86)\Quest Software\Toad for Data Analysts 2.7\SQLLIB\BIN\db2mgmtsvc.exe (International Business Machines Corporation)
SRV - (SSBExternalActivator) -- C:\Program Files (x86)\Service Broker\External Activator\Bin\ssbeas.exe (Microsoft Corporation)
SRV - (OracleMTSRecoveryService) -- C:\oracle\product\11.2.0\client_1\bin\omtsreco.exe (Oracle Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (Cwbrxd) -- C:\Windows\cwbrxd.exe (IBM Corporation)
SRV - (FLCDLOCK) -- C:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SurveyorSD) -- C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSD.exe (Verdiem Corporation)
SRV - (CcmExec) -- C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\SysWOW64\CCM\TSManager.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SafeBootClientManager) -- C:\Program Files (x86)\SafeBoot\SbClientManager.exe (McAfee, Inc.)
SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (BMFMySQL) -- C:\ProgramData\Quest Software\BMF\Repository\MySQL\bin\mysqld-max-nt.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (RsFx0151) -- C:\Windows\SysNative\drivers\RsFx0151.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mfetdik) -- C:\Windows\SysNative\drivers\mfetdik.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (HIPK) -- C:\Windows\SysNative\drivers\HIPK.sys (McAfee, Inc.)
DRV:64bit: - (HIPPSK) -- C:\Windows\SysNative\drivers\HIPPSK.sys (McAfee, Inc.)
DRV:64bit: - (HIPQK) -- C:\Windows\SysNative\drivers\HIPQK.sys (McAfee, Inc.)
DRV:64bit: - (FireTDI) -- C:\Windows\SysNative\drivers\FireTDI.sys (McAfee, Inc.)
DRV:64bit: - (FirePM) -- C:\Windows\SysNative\drivers\FirePM.sys (McAfee, Inc.)
DRV:64bit: - (firelm01) -- C:\Windows\SysNative\drivers\firelm01.sys (McAfee, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (e1kexpress) Intel® -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Development Company L.P.)
DRV:64bit: - (LVUVC64) Logitech QuickCam S5500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (SBAlg) -- C:\Windows\SysNative\drivers\sbalg.sys (SafeBoot N.V.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (rismcx64) -- C:\Windows\SysNative\drivers\rismcx64.sys (RICOH Company, Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (SbRegFlt) -- C:\Windows\SysNative\drivers\sbregflt.sys (McAfee, Inc.)
DRV:64bit: - (SbFsLock) -- C:\Windows\SysNative\drivers\sbfslock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\Windows\SysNative\drivers\rsvlock.sys (McAfee, Inc.)
DRV:64bit: - (SbFlop) -- C:\Windows\SysNative\drivers\sbflop.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\Windows\SysNative\drivers\safeboot.sys ()
DRV:64bit: - (FirehkMP) -- C:\Windows\SysNative\drivers\firehk.sys (McAfee, Inc.)
DRV:64bit: - (Firehk) -- C:\Windows\SysNative\drivers\firehk.sys (McAfee, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (prepdrvr) -- C:\Windows\SysWOW64\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (SBAlg) -- C:\Windows\SysWow64\drivers\SbAlg.sys (SafeBoot N.V.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SbRegFlt) -- C:\Windows\SysWow64\drivers\SbRegFlt.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\Windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\Windows\SysWow64\drivers\RsvLock.sys (McAfee, Inc.)
DRV - (SbFlop) -- C:\Windows\SysWow64\drivers\SbFlop.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\Windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)
DRV - (VSPerfDrv90) -- C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes,DefaultScope = {C217808B-7D1E-4E41-96DA-01F9F6D702CF}
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes\{B6C47120-413B-410F-ABE5-29B2E9A0E900}: "URL" = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes\{C217808B-7D1E-4E41-96DA-01F9F6D702CF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes\{E75378C6-DF1B-4B85-9DEA-FA237DAA470A}: "URL" = http://www.pricestalker.net/ProductSearch.aspx?keyword={searchTerms}
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\SearchScopes\{F73820C6-8FD0-4562-8276-DB5E335F4768}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://Pulse
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes,DefaultScope = {C217808B-7D1E-4E41-96DA-01F9F6D702CF}
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes\{B6C47120-413B-410F-ABE5-29B2E9A0E900}: "URL" = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes\{C217808B-7D1E-4E41-96DA-01F9F6D702CF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes\{E75378C6-DF1B-4B85-9DEA-FA237DAA470A}: "URL" = http://www.pricestalker.net/ProductSearch.aspx?keyword={searchTerms}
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\SearchScopes\{F73820C6-8FD0-4562-8276-DB5E335F4768}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4238
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}:5.0.22
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.3.7.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.2.9
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61636
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gary.jutras\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gary.jutras\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2012/01/18 10:50:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/05/10 08:50:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/06/22 07:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 10:54:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/27 10:54:25 | 000,000,000 | ---D | M]

[2010/09/13 11:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gary.jutras\AppData\Roaming\mozilla\Extensions
[2010/07/07 10:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gary.jutras\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/03/09 15:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gary.jutras\AppData\Roaming\mozilla\Firefox\Profiles\92ip19u4.default\extensions
[2010/09/20 09:00:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\gary.jutras\AppData\Roaming\mozilla\Firefox\Profiles\92ip19u4.default\extensions\LogMeInClient@logmein.com
[2012/03/22 09:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/22 11:48:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/03 16:12:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
[2011/04/01 09:52:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/01/18 10:50:39 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK
[2011/06/22 07:51:44 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/05/10 08:50:57 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\gary.jutras\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\gary.jutras\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\gary.jutras\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\gary.jutras\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Microsoft Web Test Recorder Helper) - {62355041-605D-4469-84FD-5D66ED67A7E3} - C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll (Microsoft Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Wireless Driver Update] C:\Windows\Tools\Wireless\UpdateWireless_Local.vbs ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SafeBootTokenWatcher] C:\Program Files (x86)\SafeBoot\SbTokWatch.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [SurveyorSession] C:\Program Files (x86)\Verdiem\SurveyorSD\Bin\SurveyorSession.exe (Verdiem Corporation)
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [FeedDemon] C:\Program Files (x86)\FeedDemon\FeedDemon.exe (NewsGator Technologies, Inc.)
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [Push Client] C:\Users\gary.jutras\AppData\Local\ATT Connect\Participant\pull.exe (AT&T Inc.)
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [Volumouse] C:\Program Files\NirSoft\VoluMouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000..\Run: [Volumouse32] C:\Program Files (x86)\NirSoft\VoluMouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [ApacheTomcatMonitor5.5_Tomcat5] C:\Program Files (x86)\Apache Software Foundation\Tomcat 5.5\bin\Tomcat5w.exe (Apache Software Foundation)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [FeedDemon] C:\Program Files (x86)\FeedDemon\FeedDemon.exe (NewsGator Technologies, Inc.)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [MusicManager] C:\Users\gary.jutras\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [Push Client] C:\Users\gary.jutras\AppData\Local\ATT Connect\Participant\pull.exe (AT&T Inc.)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [SansaDispatch] C:\Users\gary.jutras\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [Volumouse] C:\Program Files\NirSoft\VoluMouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\Run: [Volumouse32] C:\Program Files (x86)\NirSoft\VoluMouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\gary.jutras\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_22\bin\NPJPI150_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: na-applications ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: compliancewire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: covidien.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: kaplanwire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: knowledgewire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: mkg.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: tamans-it08v ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Domains: thcg.net ([]* in Local intranet)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKU\S-1-5-21-2264471342-2409993175-2669358546-1000\..Trusted Ranges: Range2 ([*] in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: compliancewire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: covidien.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: covidien.com ([sso] * in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: covidien.com ([webmail] * in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: kaplanwire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: knowledgewire.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: mkg.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: symanteccloud.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: tamans-it08v ([]http in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: TAMANS-SM02 ([]File in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: thcg.net ([]* in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Domains: thcg.net ([TAMANS-SM02] File in Trusted sites)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKU\S-1-5-21-661013750-2036339787-1844936127-200531\..Trusted Ranges: Range2 ([*] in Local intranet)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} http://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab (JavaPlugin.Object)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} http://tamans-it08v:8080/qcbin/Spider91.cab (Loader Class v4)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://btc.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://dr-remote.covidien.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.202.107 10.0.202.108 10.0.202.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thcg.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2130A9D8-234E-4ECC-947F-7C161C30F219}: NameServer = 10.0.202.108,10.0.202.107
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D46210D-D2B5-4F53-91C6-DDF493DDBB4E}: DhcpNameServer = 10.0.202.107 10.0.202.108 10.0.202.109
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/20 12:44:12 | 000,000,000 | R--D | M] - K:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 12:45:13 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/03/30 12:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012/03/30 10:34:34 | 000,047,080 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\HIPIS0e011b5.dll
[2012/03/30 10:34:34 | 000,040,328 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysWow64\HIPIS0e011b5.dll
[2012/03/30 10:25:02 | 000,000,000 | ---D | C] -- C:\FRST
[2012/03/29 11:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/29 11:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/29 11:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/29 11:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/27 12:09:11 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/27 11:53:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/27 11:51:29 | 000,200,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SafeBoot.scr
[2012/03/27 11:40:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/27 10:06:00 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/03/27 10:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/03/27 10:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/03/27 10:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/03/26 16:58:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/26 16:58:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/26 16:58:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/26 16:58:03 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/26 16:35:54 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/03/26 16:35:54 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/26 16:35:53 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/25 18:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/22 11:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/03/22 09:39:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/21 15:51:57 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\AppData\Roaming\Safer Networking
[2012/03/21 15:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
[2012/03/21 15:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2012/03/21 15:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/21 15:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/21 15:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/03/21 10:57:18 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\AppData\Roaming\Malwarebytes
[2012/03/21 10:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/21 10:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/21 10:57:09 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/21 10:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/21 10:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\947E3
[2012/03/21 10:47:04 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\AppData\Roaming\72A94
[2012/03/20 08:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMC Avamar
[2012/03/20 08:55:06 | 000,930,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ccmcore.dll
[2012/03/20 08:55:06 | 000,026,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xprslib.dll
[2012/03/20 08:54:15 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2012/03/19 11:18:26 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2012/03/09 10:22:15 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\Documents\My Safes
[2012/03/09 10:22:09 | 000,000,000 | ---D | C] -- C:\Users\gary.jutras\AppData\Local\PasswordSafe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/02 08:37:52 | 000,002,620 | RHS- | M] () -- C:\Users\gary.jutras\ntuser.pol
[2012/04/02 08:37:33 | 000,017,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 08:37:33 | 000,017,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 08:37:32 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-661013750-2036339787-1844936127-200531Core.job
[2012/04/02 08:37:18 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-661013750-2036339787-1844936127-200531UA.job
[2012/04/02 08:36:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/30 10:48:28 | 001,367,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/30 10:48:28 | 001,075,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/30 10:48:28 | 000,274,248 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/30 10:42:33 | 000,000,475 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/03/30 10:38:18 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/30 10:35:04 | 000,127,577 | ---- | M] () -- C:\Windows\SysWow64\api_hook_list.dat
[2012/03/30 10:35:03 | 000,002,033 | ---- | M] () -- C:\Windows\SysNative\api_hook_list.dat
[2012/03/30 10:34:47 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/03/30 10:33:55 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/03/30 10:33:20 | 1280,692,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 10:05:42 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/30 10:05:42 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/30 08:44:20 | 000,002,128 | -H-- | M] () -- C:\Users\gary.jutras\Documents\Default.rdp
[2012/03/29 15:14:49 | 000,000,703 | ---- | M] () -- C:\Windows\NewsRover.INI
[2012/03/29 09:25:05 | 000,001,256 | ---- | M] () -- C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/03/27 11:51:29 | 000,200,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\SafeBoot.scr
[2012/03/27 11:01:02 | 002,354,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/27 10:06:00 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/03/27 10:05:58 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/03/27 09:45:08 | 000,025,304 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/21 11:16:35 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\RfmDat2.dat
[2012/03/20 08:57:53 | 000,001,001 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\client.lnk
[2012/03/20 08:55:07 | 001,384,864 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/20 08:55:06 | 000,004,764 | ---- | M] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/03/20 08:55:06 | 000,000,621 | ---- | M] () -- C:\Windows\SysWow64\CcmFramework.h
[2012/03/14 16:15:45 | 000,000,977 | ---- | M] () -- C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/12 16:18:46 | 000,018,631 | ---- | M] () -- C:\Users\gary.jutras\Documents\ppm.sql
[2012/03/12 12:26:42 | 000,006,448 | ---- | M] () -- C:\Users\gary.jutras\Documents\SurgeonToXml.sql
[2012/03/07 23:49:06 | 000,143,008 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysWow64\KevlarSigs.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/30 10:35:03 | 000,127,577 | ---- | C] () -- C:\Windows\SysWow64\api_hook_list.dat
[2012/03/30 10:35:03 | 000,002,033 | ---- | C] () -- C:\Windows\SysNative\api_hook_list.dat
[2012/03/30 10:21:20 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/27 11:52:26 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/03/27 11:00:41 | 002,354,064 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/27 10:23:42 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/03/27 10:03:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/27 10:03:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/20 08:55:06 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/03/20 08:55:06 | 000,000,621 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.h
[2012/03/07 17:47:20 | 000,006,448 | ---- | C] () -- C:\Users\gary.jutras\Documents\SurgeonToXml.sql
[2012/03/07 16:13:45 | 002,497,570 | ---- | C] () -- C:\Users\gary.jutras\Documents\zipcode.csv
[2011/12/16 12:49:13 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2011/08/18 08:00:14 | 000,190,508 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/17 12:55:55 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/06/14 13:14:48 | 000,000,483 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/28 12:20:24 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/05/28 12:20:23 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/05/28 12:20:23 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/05/28 12:20:23 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/05/28 12:20:23 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/05/28 12:20:23 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/05/28 12:20:23 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/05/28 12:20:23 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/05/28 12:20:23 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/05/28 12:20:23 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/05/28 12:20:23 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/05/28 12:20:23 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/05/28 12:20:23 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/05/28 12:20:23 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/05/28 12:20:23 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/05/28 12:20:23 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/05/24 14:15:33 | 000,000,982 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\1E09F71F.il
[2011/05/24 14:15:33 | 000,000,280 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\IndexIE_1E09F71F.il
[2011/04/08 13:09:02 | 000,000,600 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\PUTTY.RND
[2011/02/14 11:28:20 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\RfmDat2.dat
[2011/02/14 11:27:08 | 000,000,099 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\fusioncache.dat
[2011/02/03 12:53:01 | 000,005,120 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/03 16:32:39 | 000,110,631 | ---- | C] () -- C:\Windows\News Rover Uninstaller.exe
[2010/11/09 10:27:21 | 000,000,703 | ---- | C] () -- C:\Windows\NewsRover.INI
[2010/10/18 11:35:04 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/10/15 11:07:37 | 000,036,972 | ---- | C] () -- C:\Windows\SysWow64\ActPanel.dll
[2010/09/13 11:15:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/09 14:56:05 | 000,004,096 | -H-- | C] () -- C:\Users\gary.jutras\AppData\Local\keyfile3.drm
[2010/07/30 10:50:09 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/07/21 11:57:42 | 000,001,311 | ---- | C] () -- C:\Windows\SysWow64\DfsMgmt.dll.config
[2010/07/21 11:56:59 | 000,001,315 | ---- | C] () -- C:\Windows\DfsrAdmin.exe.config
[2010/07/15 09:54:30 | 000,051,304 | ---- | C] () -- C:\Windows\SysWow64\drivers\atnt40k.sys
[2010/06/22 15:33:11 | 000,000,231 | ---- | C] () -- C:\Windows\mercury.ini
[2010/06/17 16:10:06 | 000,256,560 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2010/06/17 16:10:06 | 000,027,184 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2010/06/17 16:10:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010/06/17 11:44:16 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/06/17 11:44:16 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/06/17 11:44:16 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/06/17 11:44:16 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/06/17 11:44:16 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/06/17 11:44:16 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/06/17 11:35:27 | 000,001,232 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/17 11:06:21 | 001,384,864 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/17 11:06:11 | 000,000,475 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2010/06/17 10:12:50 | 000,007,591 | ---- | C] () -- C:\Users\gary.jutras\AppData\Local\resmon.resmoncfg
[2010/06/16 18:26:03 | 000,025,304 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== LOP Check ==========

[2010/11/18 14:43:14 | 000,000,000 | ---D | M] -- C:\Users\app.gary.jutras\AppData\Roaming\Avamar
[2012/03/26 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\JetBrains
[2012/03/26 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\JetBrains
[2012/01/16 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Gary.Jutra\AppData\Roaming\Avamar
[2012/03/21 10:47:04 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\72A94
[2011/07/11 13:49:41 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Amazon
[2011/08/19 12:19:13 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\ATT Connect
[2010/06/29 07:52:23 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Avamar
[2011/04/04 12:11:34 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Avaya
[2011/03/15 10:44:59 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2011/08/26 12:54:24 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\calibre
[2011/11/11 14:57:12 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\com.oxygenxml
[2010/06/21 15:47:00 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\DigitalPersona
[2012/03/30 11:10:06 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Dropbox
[2011/06/10 08:25:36 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\EPSON
[2010/11/19 09:55:37 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\EurekaLog
[2010/06/29 08:17:59 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Genie-Soft
[2010/06/30 12:23:41 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\HandBrake
[2011/09/26 18:25:13 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\IBM
[2011/03/16 09:14:37 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\ImgBurn
[2011/06/10 09:58:57 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Intermedia Software
[2011/01/02 10:34:02 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\InterVideo
[2011/07/11 13:47:33 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\iPubsoft
[2011/06/07 15:44:03 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\IsolatedStorage
[2011/10/07 15:20:24 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\JetBrains
[2011/08/24 07:49:44 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\JGsoft
[2011/11/09 10:21:57 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Juniper Networks
[2012/02/17 09:59:53 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Motorola
[2011/10/07 09:12:23 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\NuGet
[2010/07/21 08:37:05 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\PolyView
[2011/06/14 16:18:42 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Quest Software
[2010/07/15 11:06:46 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Red Gate
[2011/05/10 08:51:16 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\RoboForm
[2012/03/22 16:23:34 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\RssPopper
[2012/03/21 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Safer Networking
[2011/01/20 11:54:16 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\SanDisk
[2010/06/29 13:58:48 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Scooter Software
[2010/07/13 15:24:26 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Sling Media
[2011/06/08 08:33:34 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Software
[2011/07/27 09:51:24 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\SQL Developer
[2011/04/08 12:53:19 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\Subversion
[2010/07/07 10:05:40 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\TomTom
[2011/10/20 10:52:47 | 000,000,000 | ---D | M] -- C:\Users\gary.jutras\AppData\Roaming\webex
[2012/03/30 10:38:18 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/02/22 09:41:02 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#11 gringo_pr

Posted 02 April 2012 - 08:11 AM

Hello

I want you to rerun this for me - something new has come to the computer or at least it is starting to show in the reports

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#12 gjutras


Posted 02 April 2012 - 08:22 AM

Because of McAfee SafeBoot (whole hard drive encryption), I can't access the system drive from recovery mode. So the best I can do is run frs64.exe from safe mode, which shows the following:
Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by gary.jutras at 02-04-2012 09:19:27
Running from K:\packages\Ad-Aware
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKU\app.gary.jutras\...\Run: [Volumouse32] "C:\Program Files (x86)\NirSoft\VoluMouse\volumouse.exe" /nodlg [33280 2010-06-29] (NirSoft)
HKU\app.gary.jutras\...\Run: [Volumouse] "C:\Program Files\NirSoft\VoluMouse\volumouse.exe" /nodlg [82944 2010-06-21] (NirSoft)
HKU\app.gary.jutras\...\Run: [FeedDemon] "C:\Program Files (x86)\FeedDemon\FeedDemon.exe" /startminimized [7503360 2010-12-16] (NewsGator Technologies, Inc.)
HKU\app.gary.jutras\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-22] (Microsoft Corporation)
HKU\app.gary.jutras\...\Run: [Google Update] "C:\Users\gary.jutras\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-01-14] (Google Inc.)
HKU\app.gary.jutras\...\Run: [SansaDispatch] C:\Users\app.gary.jutras\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [x]
HKU\app.gary.jutras\...\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe [831488 2010-12-23] ()
HKU\app.gary.jutras\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [107000 2011-05-10] (Siber Systems)
HKU\app.gary.jutras\...\Run: [svchost.exe] C:\Windows\svchost.exe [x]
HKU\app.gary.jutras\...\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Users\GARY~2.JUT\AppData\Local\Temp\E_SB10A.tmp" /EF "HKCU" [x]
HKU\app.gary.jutras\...\Run: [Push Client] "C:\Users\gary.jutras\AppData\Local\ATT Connect\Participant\pull.exe" [966944 2011-04-27] (AT&T Inc.)
HKU\app.gary.jutras\...\Policies\system: [NoDispScrSavPage] 1
HKU\ASP.NET V2.0\...\Policies\system: [NoDispScrSavPage] 0
HKU\ASP.NET v4.0\...\Policies\system: [NoDispScrSavPage] 0
HKU\classicasp\...\Policies\system: [NoDispScrSavPage] 0
HKU\DefaultAppPool\...\Policies\system: [NoDispScrSavPage] 0
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x ] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-02 09:16 - 2012-04-02 09:16 - 0001265 ____A C:\Users\gary.jutras\Desktop\SurgeonLocatorSample.xml
2012-03-30 12:45 - 2012-03-30 12:45 - 0000000 ____D C:\Windows\LastGood
2012-03-30 10:35 - 2012-03-30 10:35 - 0127577 ____A C:\Windows\SysWOW64\api_hook_list.dat
2012-03-30 10:35 - 2012-03-30 10:35 - 0002033 ____A C:\Windows\System32\api_hook_list.dat
2012-03-30 10:34 - 2010-06-15 11:57 - 0047080 ____A (McAfee, Inc.) C:\Windows\System32\HIPIS0e011b5.dll
2012-03-30 10:34 - 2010-06-15 11:57 - 0040328 ____A (McAfee, Inc.) C:\Windows\SysWOW64\HIPIS0e011b5.dll
2012-03-30 10:25 - 2012-04-02 09:19 - 0000000 ____D C:\FRST
2012-03-30 10:21 - 2012-03-30 10:38 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-03-30 10:20 - 2012-03-30 10:25 - 4809358 ____A C:\Windows\ntbtlog.txt
2012-03-29 11:12 - 2012-03-29 11:13 - 0000000 ____D C:\Program Files\iTunes
2012-03-29 11:12 - 2012-03-29 11:13 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-29 11:12 - 2012-03-29 11:12 - 0000000 ____D C:\Program Files\iPod
2012-03-27 12:32 - 2012-03-27 12:32 - 0044808 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_12.32.24_log.txt
2012-03-27 12:09 - 2012-03-27 12:09 - 0000000 ___SD C:\32788R22FWJFW
2012-03-27 12:07 - 2012-03-27 12:07 - 0049490 ____A C:\ComboFix.txt
2012-03-27 11:53 - 2012-03-27 11:53 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-27 11:52 - 2012-03-30 10:33 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-27 11:51 - 2012-03-27 11:51 - 0200704 ____A (McAfee, Inc.) C:\Windows\SafeBoot.scr
2012-03-27 11:01 - 2012-03-30 10:33 - 0000168 ____A C:\Windows\setupact.log
2012-03-27 11:01 - 2012-03-27 11:01 - 0000000 ____A C:\Windows\setuperr.log
2012-03-27 11:00 - 2012-03-30 10:33 - 0000892 ____A C:\aaw7boot.log
2012-03-27 11:00 - 2012-03-30 10:20 - 0002318 ____A C:\Windows\PFRO.log
2012-03-27 11:00 - 2012-03-27 11:01 - 2354064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-27 10:23 - 2012-03-27 10:05 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2012-03-27 10:20 - 2012-03-27 10:20 - 0113440 ____A C:\Users\gary.jutras\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-27 10:06 - 2012-03-27 10:06 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-03-27 10:03 - 2012-03-30 10:05 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-03-27 10:03 - 2012-03-30 10:05 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\ProgramData\Lavasoft
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2012-03-26 16:58 - 2012-02-10 02:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-26 16:58 - 2012-02-10 01:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-26 16:58 - 2012-02-03 00:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-26 16:58 - 2012-01-25 02:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-26 16:58 - 2012-01-25 02:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-26 16:58 - 2012-01-25 02:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default\AppData\Roaming\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default\AppData\Local\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default User\AppData\Roaming\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default User\AppData\Local\JetBrains
2012-03-26 16:35 - 2012-02-17 02:38 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-03-26 16:35 - 2012-02-17 02:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-26 16:35 - 2012-02-17 01:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-26 16:35 - 2012-02-17 00:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-26 16:35 - 2012-02-17 00:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-25 18:48 - 2012-03-25 18:48 - 0000000 ____D C:\Program Files (x86)\ESET
2012-03-22 17:39 - 2012-03-22 17:39 - 0044634 ____A C:\TDSSKiller.2.7.22.0_22.03.2012_17.39.23_log.txt
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-22 09:39 - 2012-03-27 12:09 - 0000000 ____D C:\Windows\ERDNT
2012-03-21 16:34 - 2012-03-21 16:34 - 0046028 ____A C:\TDSSKiller.2.7.22.0_21.03.2012_16.34.19_log.txt
2012-03-21 15:51 - 2012-03-21 15:51 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Safer Networking
2012-03-21 15:51 - 2012-03-21 15:51 - 0000000 ____D C:\Program Files (x86)\Safer Networking
2012-03-21 15:41 - 2012-04-02 09:04 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-21 15:41 - 2012-04-02 09:04 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-21 15:41 - 2012-03-21 15:42 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-21 10:57 - 2011-12-10 15:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-21 10:49 - 2012-03-30 12:26 - 0000642 ____A C:\rkill.log
2012-03-21 10:47 - 2012-03-21 10:47 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\72A94
2012-03-21 10:47 - 2012-03-21 10:47 - 0000000 ____D C:\Program Files (x86)\947E3
2012-03-20 08:55 - 2012-03-20 08:55 - 0004764 ____A C:\Windows\SysWOW64\CcmFramework.ini
2012-03-20 08:55 - 2012-03-20 08:55 - 0000621 ____A C:\Windows\SysWOW64\CcmFramework.h
2012-03-20 08:55 - 2009-09-18 04:00 - 0930160 ____A (Microsoft Corporation) C:\Windows\System32\ccmcore.dll
2012-03-20 08:55 - 2009-09-18 04:00 - 0026464 ____A (Microsoft Corporation) C:\Windows\System32\xprslib.dll
2012-03-20 08:54 - 2012-03-20 08:54 - 0000000 ____D C:\Windows\ms
2012-03-09 10:22 - 2012-03-22 14:44 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\PasswordSafe
2012-03-09 10:22 - 2012-03-09 10:22 - 0000000 ____D C:\Users\gary.jutras\Documents\My Safes
2012-03-07 17:47 - 2012-03-12 12:26 - 0006448 ____A C:\Users\gary.jutras\Documents\SurgeonToXml.sql
2012-03-07 16:44 - 2012-03-07 16:44 - 0584405 ____A C:\Users\gary.jutras\Documents\ContactsCompaniesWithUSLatLong.xlsx
2012-03-07 16:13 - 2004-08-06 17:02 - 2497570 ____A C:\Users\gary.jutras\Documents\zipcode.csv
2012-03-07 16:10 - 2012-03-07 16:10 - 0146374 ____A C:\Users\gary.jutras\Documents\Companies.xlsx
2012-03-07 16:08 - 2012-03-07 16:08 - 0376471 ____A C:\Users\gary.jutras\Documents\Contacts.xlsx


============ 3 Months Modified Files and Folders =============

2012-04-02 09:19 - 2012-03-30 10:25 - 0000000 ____D C:\FRST
2012-04-02 09:17 - 2012-04-02 09:17 - 0001399 ____A C:\Users\gary.jutras\Desktop\SurgeonLocatorSample.xsd
2012-04-02 09:17 - 2010-11-29 15:36 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\com.oxygenxml
2012-04-02 09:16 - 2012-04-02 09:16 - 0001265 ____A C:\Users\gary.jutras\Desktop\SurgeonLocatorSample.xml
2012-04-02 09:15 - 2011-04-21 09:53 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Ditto
2012-04-02 09:05 - 2011-01-14 14:52 - 0000932 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661013750-2036339787-1844936127-200531UA.job
2012-04-02 09:05 - 2011-01-14 14:52 - 0000880 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-661013750-2036339787-1844936127-200531Core.job
2012-04-02 09:04 - 2012-03-21 15:41 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-02 09:04 - 2012-03-21 15:41 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-02 09:01 - 2010-06-16 17:57 - 1426095 ____A C:\Windows\WindowsUpdate.log
2012-04-02 08:37 - 2010-06-16 18:24 - 0000352 ____A C:\Windows\System32\config\netlogon.ftl
2012-04-02 08:37 - 2010-06-16 11:36 - 0002620 _RASH C:\Users\gary.jutras\ntuser.pol
2012-04-02 08:37 - 2010-06-16 11:36 - 0000000 ____D C:\users\gary.jutras
2012-04-02 08:37 - 2009-07-14 00:45 - 0017984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-02 08:37 - 2009-07-14 00:45 - 0017984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-30 14:53 - 2010-07-09 11:19 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\Deployment
2012-03-30 14:50 - 2010-07-09 11:19 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\Apps\2.0
2012-03-30 12:45 - 2012-03-30 12:45 - 0000000 ____D C:\Windows\LastGood
2012-03-30 12:36 - 2010-06-18 10:12 - 0000000 ____D C:\sysinternals
2012-03-30 12:26 - 2012-03-21 10:49 - 0000642 ____A C:\rkill.log
2012-03-30 11:10 - 2011-11-15 12:29 - 0000000 ___RD C:\Users\gary.jutras\Dropbox
2012-03-30 11:10 - 2011-11-15 12:26 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Dropbox
2012-03-30 10:48 - 2009-07-14 01:13 - 1367616 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-30 10:42 - 2010-06-17 11:06 - 0000475 ____A C:\Windows\SMSCFG.ini
2012-03-30 10:38 - 2012-03-30 10:21 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-03-30 10:38 - 2010-06-21 14:58 - 0000000 ____D C:\Users\All Users\HPQLOG
2012-03-30 10:38 - 2010-06-21 14:58 - 0000000 ____D C:\ProgramData\HPQLOG
2012-03-30 10:37 - 2010-06-16 11:51 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-03-30 10:37 - 2010-06-16 11:51 - 0000000 ____D C:\ProgramData\NVIDIA
2012-03-30 10:36 - 2010-06-17 15:44 - 0000000 ____D C:\Users\gary.jutras\Tracing
2012-03-30 10:36 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\System32\inetsrv
2012-03-30 10:35 - 2012-03-30 10:35 - 0127577 ____A C:\Windows\SysWOW64\api_hook_list.dat
2012-03-30 10:35 - 2012-03-30 10:35 - 0002033 ____A C:\Windows\System32\api_hook_list.dat
2012-03-30 10:34 - 2011-04-05 21:17 - 0065536 _____ C:\Windows\System32\Ikeext.etl
2012-03-30 10:34 - 2009-07-14 01:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-30 10:34 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\registration
2012-03-30 10:33 - 2012-03-27 11:52 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-30 10:33 - 2012-03-27 11:01 - 0000168 ____A C:\Windows\setupact.log
2012-03-30 10:33 - 2012-03-27 11:00 - 0000892 ____A C:\aaw7boot.log
2012-03-30 10:33 - 2010-06-16 17:36 - 1280692224 __ASH C:\hiberfil.sys
2012-03-30 10:25 - 2012-03-30 10:20 - 4809358 ____A C:\Windows\ntbtlog.txt
2012-03-30 10:20 - 2012-03-27 11:00 - 0002318 ____A C:\Windows\PFRO.log
2012-03-30 10:05 - 2012-03-27 10:03 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-03-30 10:05 - 2012-03-27 10:03 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-03-30 08:44 - 2010-06-29 08:23 - 0002128 ___AH C:\Users\gary.jutras\Documents\Default.rdp
2012-03-30 08:43 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\tracing
2012-03-29 15:14 - 2010-11-09 10:27 - 0000703 ____A C:\Windows\NewsRover.INI
2012-03-29 14:59 - 2010-12-03 16:33 - 0000000 ____D C:\NewsRoverData
2012-03-29 13:25 - 2010-06-21 13:23 - 0000000 ____D C:\Users\gary.jutras\Documents\SQL Server Management Studio
2012-03-29 11:15 - 2011-08-18 07:59 - 0000000 ____D C:\Program Files (x86)\Safari
2012-03-29 11:13 - 2012-03-29 11:12 - 0000000 ____D C:\Program Files\iTunes
2012-03-29 11:13 - 2012-03-29 11:12 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-29 11:12 - 2012-03-29 11:12 - 0000000 ____D C:\Program Files\iPod
2012-03-29 09:25 - 2010-10-19 10:10 - 0001256 ____A C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2012-03-28 09:36 - 2011-07-11 13:49 - 0000000 ____D C:\Users\gary.jutras\Documents\My Kindle Content
2012-03-28 09:32 - 2011-07-11 13:49 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\Amazon
2012-03-28 09:32 - 2011-07-11 13:49 - 0000000 ____D C:\Program Files (x86)\Amazon
2012-03-27 12:32 - 2012-03-27 12:32 - 0044808 ____A C:\TDSSKiller.2.7.23.0_27.03.2012_12.32.24_log.txt
2012-03-27 12:09 - 2012-03-27 12:09 - 0000000 ___SD C:\32788R22FWJFW
2012-03-27 12:09 - 2012-03-22 09:39 - 0000000 ____D C:\Windows\ERDNT
2012-03-27 12:07 - 2012-03-27 12:07 - 0049490 ____A C:\ComboFix.txt
2012-03-27 11:53 - 2012-03-27 11:53 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-27 11:53 - 2009-07-13 22:34 - 0000215 ____A C:\Windows\system.ini
2012-03-27 11:51 - 2012-03-27 11:51 - 0200704 ____A (McAfee, Inc.) C:\Windows\SafeBoot.scr
2012-03-27 11:51 - 2010-06-16 11:53 - 0000000 ____D C:\Program Files (x86)\SafeBoot
2012-03-27 11:47 - 2009-07-13 22:34 - 267956224 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-03-27 11:47 - 2009-07-13 22:34 - 24903680 ____A C:\Windows\System32\config\SYSTEM.bak
2012-03-27 11:41 - 2009-07-13 22:34 - 0069632 ____A C:\Windows\System32\config\SECURITY.bak
2012-03-27 11:11 - 2009-07-13 22:34 - 5140480 ____A C:\Windows\System32\config\DEFAULT.bak
2012-03-27 11:08 - 2009-07-13 22:34 - 0061440 ____A C:\Windows\System32\config\SAM.bak
2012-03-27 11:02 - 2010-06-16 17:55 - 0000000 ____D C:\users\Gary.Jutra
2012-03-27 11:01 - 2012-03-27 11:01 - 0000000 ____A C:\Windows\setuperr.log
2012-03-27 11:01 - 2012-03-27 11:00 - 2354064 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-27 10:20 - 2012-03-27 10:20 - 0113440 ____A C:\Users\gary.jutras\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-27 10:06 - 2012-03-27 10:06 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-03-27 10:05 - 2012-03-27 10:23 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\ProgramData\Lavasoft
2012-03-27 10:02 - 2012-03-27 10:02 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2012-03-27 09:45 - 2010-06-16 18:26 - 0025304 _RASH C:\Users\All Users\ntuser.pol
2012-03-27 09:45 - 2010-06-16 18:26 - 0025304 _RASH C:\ProgramData\ntuser.pol
2012-03-26 17:04 - 2010-06-17 11:29 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-26 17:04 - 2010-06-17 11:29 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-26 16:49 - 2010-06-17 04:17 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default\AppData\Roaming\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default\AppData\Local\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default User\AppData\Roaming\JetBrains
2012-03-26 16:47 - 2012-03-26 16:47 - 0000000 ____D C:\Users\Default User\AppData\Local\JetBrains
2012-03-25 18:48 - 2012-03-25 18:48 - 0000000 ____D C:\Program Files (x86)\ESET
2012-03-25 18:48 - 2009-07-14 01:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-03-23 08:49 - 2011-04-08 12:36 - 0000000 ____D C:\svn
2012-03-22 17:39 - 2012-03-22 17:39 - 0044634 ____A C:\TDSSKiller.2.7.22.0_22.03.2012_17.39.23_log.txt
2012-03-22 16:23 - 2010-09-07 12:03 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\RssPopper
2012-03-22 15:38 - 2010-06-21 16:26 - 0000000 ____D C:\Users\gary.jutras\Documents\Visual Studio 2010
2012-03-22 15:18 - 2010-11-17 16:34 - 0000000 ____D C:\Program Files (x86)\jxplorer-3.2.1
2012-03-22 15:17 - 2010-06-17 10:30 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-22 15:13 - 2010-06-29 10:39 - 0000000 ____D C:\Program Files (x86)\RSS Popper
2012-03-22 14:44 - 2012-03-09 10:22 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\PasswordSafe
2012-03-22 11:16 - 2012-01-22 11:46 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Skype
2012-03-22 11:16 - 2010-10-18 22:22 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Media Player Classic
2012-03-22 11:15 - 2010-06-16 18:36 - 0000000 ____D C:\Windows\Panther
2012-03-22 11:11 - 2010-07-12 15:49 - 0000000 ____D C:\Program Files (x86)\CCleaner
2012-03-22 11:07 - 2009-07-13 23:20 - 0000000 __RHD C:\users\Default
2012-03-22 11:07 - 2009-07-13 23:20 - 0000000 ___RD C:\users\Public
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-03-22 10:36 - 2012-03-22 10:36 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-03-21 16:34 - 2012-03-21 16:34 - 0046028 ____A C:\TDSSKiller.2.7.22.0_21.03.2012_16.34.19_log.txt
2012-03-21 15:51 - 2012-03-21 15:51 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Safer Networking
2012-03-21 15:51 - 2012-03-21 15:51 - 0000000 ____D C:\Program Files (x86)\Safer Networking
2012-03-21 15:42 - 2012-03-21 15:41 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-21 15:07 - 2010-07-30 10:48 - 0000000 ____D C:\Program Files (x86)\Advanced Diary
2012-03-21 14:49 - 2010-09-10 09:14 - 0000000 ____D C:\HiJackThis
2012-03-21 11:17 - 2011-02-14 11:24 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\ApplicationHistory
2012-03-21 11:16 - 2011-02-14 11:28 - 0000256 ____A C:\Windows\SysWOW64\RfmDat2.dat
2012-03-21 11:10 - 2010-09-13 11:15 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-21 10:57 - 2012-03-21 10:57 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-21 10:47 - 2012-03-21 10:47 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\72A94
2012-03-21 10:47 - 2012-03-21 10:47 - 0000000 ____D C:\Program Files (x86)\947E3
2012-03-20 08:57 - 2010-06-29 07:52 - 0001001 ____A C:\Users\All Users\Start Menu\Programs\Startup\client.lnk
2012-03-20 08:57 - 2010-06-29 07:52 - 0000000 ____D C:\Program Files\avs
2012-03-20 08:55 - 2012-03-20 08:55 - 0004764 ____A C:\Windows\SysWOW64\CcmFramework.ini
2012-03-20 08:55 - 2012-03-20 08:55 - 0000621 ____A C:\Windows\SysWOW64\CcmFramework.h
2012-03-20 08:55 - 2010-06-17 11:06 - 1384864 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-20 08:55 - 2010-06-17 11:06 - 0000000 ____D C:\Windows\SysWOW64\CCM
2012-03-20 08:54 - 2012-03-20 08:54 - 0000000 ____D C:\Windows\ms
2012-03-19 11:18 - 2011-01-14 14:52 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\Google
2012-03-15 15:24 - 2011-05-24 08:55 - 0000000 ____D C:\Program Files (x86)\ToDoList
2012-03-15 08:57 - 2011-02-08 16:35 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Apple Computer
2012-03-14 16:15 - 2011-11-15 12:27 - 0000977 ____A C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-12 16:18 - 2011-09-20 15:59 - 0018631 ____A C:\Users\gary.jutras\Documents\ppm.sql
2012-03-12 15:34 - 2010-08-27 10:07 - 0000000 ____D C:\Users\gary.jutras\Documents\SSMSToolsPack
2012-03-12 12:26 - 2012-03-07 17:47 - 0006448 ____A C:\Users\gary.jutras\Documents\SurgeonToXml.sql
2012-03-09 12:04 - 2010-06-21 07:50 - 0000000 ____D C:\Users\gary.jutras\Documents\Visual Studio 2005
2012-03-09 10:22 - 2012-03-09 10:22 - 0000000 ____D C:\Users\gary.jutras\Documents\My Safes
2012-03-07 23:49 - 2010-06-17 11:02 - 0143008 ____A (McAfee, Inc.) C:\Windows\SysWOW64\KevlarSigs.dll
2012-03-07 16:44 - 2012-03-07 16:44 - 0584405 ____A C:\Users\gary.jutras\Documents\ContactsCompaniesWithUSLatLong.xlsx
2012-03-07 16:10 - 2012-03-07 16:10 - 0146374 ____A C:\Users\gary.jutras\Documents\Companies.xlsx
2012-03-07 16:08 - 2012-03-07 16:08 - 0376471 ____A C:\Users\gary.jutras\Documents\Contacts.xlsx
2012-03-05 16:02 - 2011-03-02 16:36 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\QuickPar
2012-03-02 12:36 - 2011-07-27 15:03 - 0000000 ____D C:\Users\gary.jutras\.android
2012-03-02 12:34 - 2010-10-12 11:30 - 0000000 ____D C:\Users\gary.jutras\AppData\Local\Eclipse
2012-03-02 12:33 - 2011-04-04 13:40 - 0000000 ____D C:\eclipse
2012-03-02 12:10 - 2011-07-27 15:20 - 0000000 ____D C:\Program Files (x86)\Android
2012-02-28 12:05 - 2010-06-16 11:36 - 0000000 ____D C:\Users\gary.jutras\AppData\LocalLow
2012-02-24 12:21 - 2012-02-24 12:21 - 0000000 ____D C:\Program Files (x86)\Service Broker
2012-02-24 12:19 - 2012-02-24 12:19 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2008 DM Content Viewer
2012-02-24 12:13 - 2010-06-21 08:09 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-02-24 12:11 - 2012-02-24 12:11 - 0000000 ____D C:\Program Files\Service Broker
2012-02-24 12:11 - 2012-02-24 12:10 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2008 R2 Upgrade Advisor
2012-02-24 12:02 - 2009-07-13 23:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-02-24 11:59 - 2012-02-24 11:59 - 0000000 ____D C:\Program Files\Microsoft SQL Remote Blob Storage 10.50
2012-02-23 14:55 - 2012-02-23 14:55 - 0003714 ____A C:\Users\gary.jutras\Downloads\image_png
2012-02-22 11:21 - 2012-02-17 10:33 - 0000000 ____D C:\Program Files\Samsung
2012-02-22 11:19 - 2012-02-22 11:19 - 0000000 ____D C:\Users\All Users\Samsung
2012-02-22 11:19 - 2012-02-22 11:19 - 0000000 ____D C:\ProgramData\Samsung
2012-02-22 09:41 - 2009-07-14 01:08 - 0032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-21 14:35 - 2010-06-22 13:13 - 0000000 ___RD C:\Users\gary.jutras\Virtual Machines
2012-02-21 14:35 - 2010-06-16 11:36 - 0000174 ___SH C:\Users\gary.jutras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-21 14:27 - 2010-06-17 12:45 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-19 12:03 - 2010-06-17 15:44 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-02-19 12:03 - 2010-06-17 15:44 - 0000000 ____D C:\ProgramData\FLEXnet
2012-02-17 16:09 - 2011-05-23 11:20 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-17 09:59 - 2012-02-17 09:59 - 0000000 ____D C:\Users\gary.jutras\AppData\Roaming\Motorola
2012-02-17 09:59 - 2012-02-17 09:59 - 0000000 ____D C:\Program Files\Motorola Inc
2012-02-17 09:59 - 2012-02-17 09:59 - 0000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-02-17 09:59 - 2012-02-17 09:59 - 0000000 ____D C:\Program Files (x86)\Motorola
2012-02-17 02:38 - 2012-03-26 16:35 - 1112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-02-17 02:38 - 2012-03-26 16:35 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 01:34 - 2012-03-26 16:35 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-17 00:58 - 2012-03-26 16:35 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-17 00:57 - 2012-03-26 16:35 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 14:15 - 2010-09-28 16:25 - 0000000 ___SD C:\Users\gary.jutras\Documents\SharePoint Drafts
2012-02-10 02:36 - 2012-03-26 16:58 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 01:38 - 2012-03-26 16:58 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-08 10:47 - 2012-02-08 10:47 - 3278322 ____A C:\Users\gary.jutras\Downloads\Tapatalk-v1.12.2-Chris07dx.ipa
2012-02-06 15:29 - 2012-02-06 15:26 - 0000000 ____D C:\Users\gary.jutras\Documents\ArtworkRequestEform
2012-02-03 00:34 - 2012-03-26 16:58 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-26 13:14 - 2012-02-06 17:08 - 0731738 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Turkish.scr
2012-01-26 13:14 - 2012-02-06 17:08 - 0731738 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Turkish.scr
2012-01-26 13:14 - 2012-02-06 17:08 - 0729677 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Italian.scr
2012-01-26 13:14 - 2012-02-06 17:08 - 0729677 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Italian.scr
2012-01-26 13:13 - 2012-02-06 17:08 - 0763578 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Thai.scr
2012-01-26 13:13 - 2012-02-06 17:08 - 0763578 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Thai.scr
2012-01-25 02:38 - 2012-03-26 16:58 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 02:38 - 2012-03-26 16:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 02:33 - 2012-03-26 16:58 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-24 10:44 - 2009-07-13 23:20 - 0000000 ____D C:\Windows\rescache
2012-01-22 12:01 - 2012-01-22 11:55 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-01-22 11:55 - 2012-01-22 11:55 - 0006462 ____A C:\Windows\System32\lvcoinst.log
2012-01-22 11:55 - 2012-01-22 11:54 - 0000000 ____D C:\Program Files\Common Files\LogiShrd
2012-01-22 11:48 - 2012-01-22 11:46 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-01-22 11:46 - 2012-01-22 11:46 - 0000000 ____D C:\Users\All Users\Skype
2012-01-22 11:46 - 2012-01-22 11:46 - 0000000 ____D C:\ProgramData\Skype
2012-01-18 10:50 - 2010-12-09 14:01 - 0000000 ____D C:\Program Files (x86)\Fiddler2
2012-01-18 10:25 - 2012-01-18 10:25 - 0000000 ____D C:\Users\gary.jutras\Documents\Biztalk
2012-01-17 17:10 - 2012-01-17 17:08 - 0004790 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2012-01-17 17:10 - 2010-07-15 09:51 - 0000000 ____D C:\Program Files (x86)\Java
2012-01-17 16:49 - 2010-06-21 16:19 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-01-17 16:49 - 2009-07-14 01:32 - 0000000 ____D C:\Program Files\MSBuild
2012-01-17 15:13 - 2010-06-21 14:05 - 0000000 ____D C:\Program Files (x86)\Microsoft SDKs
2012-01-17 15:12 - 2012-01-17 15:12 - 0000000 ____D C:\Users\All Users\VS
2012-01-17 15:12 - 2012-01-17 15:12 - 0000000 ____D C:\ProgramData\VS
2012-01-17 13:59 - 2010-07-21 11:56 - 0000000 ____D C:\Windows\Cluster
2012-01-17 13:42 - 2010-09-07 12:17 - 0000039 ____A C:\Windows\vbaddin.ini
2012-01-17 11:37 - 2010-06-21 12:12 - 0000000 ____D C:\Program Files\Microsoft SQL Server
2012-01-17 10:59 - 2012-01-17 10:59 - 0000000 ____D C:\Program Files\Microsoft BizTalk Adapter Pack(x64)
2012-01-17 10:34 - 2012-01-17 10:34 - 0000000 ____D C:\Program Files (x86)\Microsoft BizTalk Adapter Pack
2012-01-17 10:17 - 2012-01-17 10:17 - 0000000 ____D C:\Program Files (x86)\WCF LOB Adapter SDK
2012-01-17 10:17 - 2012-01-17 10:16 - 0000000 ____D C:\Program Files\WCF LOB Adapter SDK
2012-01-17 10:14 - 2012-01-17 10:13 - 0000000 ____D C:\Program Files (x86)\Microsoft BizTalk Adapters for Enterprise Applications
2012-01-17 09:04 - 2012-02-06 17:08 - 0760073 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Korean.scr
2012-01-17 09:04 - 2012-02-06 17:08 - 0760073 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Korean.scr
2012-01-17 09:02 - 2012-02-06 17:08 - 0765726 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Japanese.scr
2012-01-17 09:02 - 2012-02-06 17:08 - 0765726 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Japanese.scr
2012-01-16 13:57 - 2012-01-16 13:33 - 0000000 ____D C:\Program Files (x86)\Microsoft BizTalk Server 2010
2012-01-16 13:53 - 2012-01-16 13:31 - 0000000 ____D C:\Program Files\Common Files\Enterprise Single Sign-On
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\avscc_settings
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Roaming\Realtime Soft
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Roaming\Ditto
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Roaming\Avamar
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Local\Red Gate
2012-01-16 13:52 - 2012-01-16 13:52 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Local\FeedDemon
2012-01-16 13:52 - 2012-01-16 13:51 - 0000000 ___RD C:\Users\Gary.Jutra\Virtual Machines
2012-01-16 13:52 - 2010-06-16 18:17 - 0008224 ____A C:\Users\Gary.Jutra\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-16 13:52 - 2010-06-16 17:55 - 0000174 ___SH C:\Users\Gary.Jutra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-16 13:51 - 2012-01-16 13:51 - 0000008 _RASH C:\Users\Gary.Jutra\ntuser.pol
2012-01-16 13:51 - 2012-01-16 13:51 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Roaming\Intel
2012-01-16 13:51 - 2012-01-16 13:51 - 0000000 ____D C:\Users\Gary.Jutra\AppData\Local\Verdiem
2012-01-16 13:51 - 2010-06-16 17:55 - 0000000 ____D C:\Users\Gary.Jutra\AppData\LocalLow
2012-01-16 13:31 - 2010-06-21 13:14 - 0000000 ____D C:\Program Files\SQLXML 4.0
2012-01-16 13:31 - 2010-06-21 13:14 - 0000000 ____D C:\Program Files (x86)\SQLXML 4.0
2012-01-13 16:33 - 2012-02-06 17:08 - 0767208 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-ChineseTraditional.scr
2012-01-13 16:33 - 2012-02-06 17:08 - 0767208 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-ChineseTraditional.scr
2012-01-12 14:57 - 2012-02-06 17:08 - 0730945 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-SpanishLATAM.scr
2012-01-12 14:57 - 2012-02-06 17:08 - 0730945 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-SpanishLATAM.scr
2012-01-12 14:55 - 2012-02-06 17:08 - 0762740 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-ChineseSimplified.scr
2012-01-12 14:55 - 2012-02-06 17:08 - 0762740 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-ChineseSimplified.scr
2012-01-12 14:55 - 2012-02-06 17:08 - 0730434 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-SpanishEurope.scr
2012-01-12 14:55 - 2012-02-06 17:08 - 0730434 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-SpanishEurope.scr
2012-01-12 14:54 - 2012-02-06 17:08 - 0733165 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Russian.scr
2012-01-12 14:54 - 2012-02-06 17:08 - 0733165 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Russian.scr
2012-01-12 14:54 - 2012-02-06 17:08 - 0730967 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-PortugueseEurope.scr
2012-01-12 14:54 - 2012-02-06 17:08 - 0730967 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-PortugueseEurope.scr
2012-01-12 14:53 - 2012-02-06 17:08 - 0730909 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-PortugueseBrazil.scr
2012-01-12 14:53 - 2012-02-06 17:08 - 0730909 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-PortugueseBrazil.scr
2012-01-12 14:52 - 2012-02-06 17:08 - 0731597 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Polish.scr
2012-01-12 14:52 - 2012-02-06 17:08 - 0731597 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Polish.scr
2012-01-12 14:52 - 2012-02-06 17:08 - 0731045 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Malay.scr
2012-01-12 14:52 - 2012-02-06 17:08 - 0731045 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Malay.scr
2012-01-12 14:51 - 2012-02-06 17:08 - 0732075 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-German.scr
2012-01-12 14:51 - 2012-02-06 17:08 - 0732075 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-German.scr
2012-01-12 14:51 - 2012-02-06 17:08 - 0731154 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Hungarian.scr
2012-01-12 14:51 - 2012-02-06 17:08 - 0731154 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Hungarian.scr
2012-01-12 14:50 - 2012-02-06 17:08 - 0732289 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Greek.scr
2012-01-12 14:50 - 2012-02-06 17:08 - 0732289 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Greek.scr
2012-01-12 14:50 - 2012-02-06 17:08 - 0730338 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-FrenchEurope.scr
2012-01-12 14:50 - 2012-02-06 17:08 - 0730338 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-FrenchEurope.scr
2012-01-12 14:48 - 2012-02-06 17:08 - 0730309 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-FrenchCanadian.scr
2012-01-12 14:48 - 2012-02-06 17:08 - 0730309 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-FrenchCanadian.scr
2012-01-12 14:47 - 2012-02-06 17:08 - 0730318 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreensaver-Dutch.scr
2012-01-12 14:47 - 2012-02-06 17:08 - 0730318 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreensaver-Dutch.scr
2012-01-12 14:44 - 2012-02-06 17:08 - 0731140 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\SysWOW64\CovCorpScreenSaver-Danish.scr
2012-01-12 14:44 - 2012-02-06 17:08 - 0731140 ____A (Jan Kolarik & Ondrej Vaverka) C:\Windows\System32\CovCorpScreenSaver-Danish.scr
2012-01-05 11:47 - 2012-01-05 11:47 - 0000000 ____D C:\Program Files (x86)\JetBrains
2012-01-04 06:44 - 2012-02-21 13:09 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 06:44 - 2012-02-21 13:09 - 0509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-04 04:59 - 2012-02-21 13:09 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-01-04 04:58 - 2012-02-21 13:09 - 0442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 86%
Total physical RAM: 7089.82 MB
Available physical RAM: 922.93 MB
Total Pagefile: 11184.02 MB
Available Pagefile: 5106.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:97.27 GB) NTFS
4 Drive k: (465GigWDElements) (Fixed) (Total:465.76 GB) (Free:194.82 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 297 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 K 465GigWDEle NTFS Partition 465 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-30 09:29

======================= End Of Log ==========================

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 02 April 2012 - 08:37 AM

Hello

In safe mode it is not going to work, we can try this script but I am not sure it is going to work

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    SRV:64bit: - (ssm_bus) -- C:\Windows\SysNative\bgmainsvc.dll (Oak Technology Inc.)
    [2012/03/30 10:33:55 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
    :Files
    C:\Windows\SysNative\bgmainsvc.dll
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gjutras

gjutras
  • Topic Starter

  • Members

Posted 02 April 2012 - 08:44 AM

Safe mode works, just not recovery mode to access the system hard drive.

It ran. It didn't ask me to reboot. Here's the log. I'll post back later with a status after I've had a chance to reboot and do some browsing.

========== OTL ==========
Service ssm_bus stopped successfully!
Service ssm_bus deleted successfully!
C:\Windows\SysNative\bgmainsvc.dll moved successfully.
C:\Windows\SysNative\dds_trash_log.cmd moved successfully.
========== FILES ==========
File\Folder C:\Windows\SysNative\bgmainsvc.dll not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
K:\packages\Ad-Aware\cmd.bat deleted successfully.
K:\packages\Ad-Aware\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: app.gary.jutras

User: ASP.NET V2.0

User: ASP.NET v4.0

User: ASP.NET v4.0 Classic

User: Classic .NET AppPool

User: classicasp

User: Default

User: Default User

User: DefaultAppPool

User: Gary.Jutra

User: gary.jutras
->Java cache emptied: 0 bytes

User: GARY~2~JUT

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: app.gary.jutras

User: ASP.NET V2.0

User: ASP.NET v4.0

User: ASP.NET v4.0 Classic
->Flash cache emptied: 0 bytes

User: Classic .NET AppPool

User: classicasp

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool

User: Gary.Jutra

User: gary.jutras
->Flash cache emptied: 456 bytes

User: GARY~2~JUT

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04022012_093944

#15 gringo_pr


Posted 02 April 2012 - 08:54 AM

OK let me know how it goes


gringo