Medfos.b and SpyeEyes


  • This topic is locked
16 replies to this topic

#1 damanic

damanic

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 28 November 2012 - 02:00 AM

Hi there,

Hoping you can help with my virus problem. Windows Security Essentials on Win 7 is picking up Medfos.b all the time.

I have run Malwarebytes and TDSSKiller and looked at the registry, but it keeps coming back. Malwarebytes picked up SpyEyes in the Recycle Bin, which prompted me to post here, as I know this is a nasty one to have!

It appears to have come in through firefox!


DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Matt Work at 17:51:35 on 2012-11-28
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3071.1359 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\apache\bin\httpd.exe
D:\Acumedic-Stuff\CommuniGatePro\CGStarter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
D:\Acumedic-Stuff\CommuniGatePro\CGServer.exe
C:\mysql\bin\mysqld.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\apache\bin\httpd.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\SkypeMate\SkypeMate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Programs\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.ask.com/?l=dis&o=15007
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
uRun: [dmscr] "C:\Windows\System32\rundll32.exe" "C:\Users\Matt Work\AppData\Roaming\dmscr.dll",init_io
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\MATTWO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SKYPEM~1.LNK - C:\Program Files (x86)\SkypeMate\SkypeMate.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - D:\Programs\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\Programs\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: google.com
TCP: NameServer = 192.168.0.2
TCP: Interfaces\{6F67E66B-693A-4A4F-8413-6BE0F81D3AEE} : DHCPNameServer = 192.168.0.2
TCP: Interfaces\{6F67E66B-693A-4A4F-8413-6BE0F81D3AEE}\45F4D494A5F4E4540275563747669656C646370284F6473707F647 : DHCPNameServer = 192.168.0.1 208.67.220.220
TCP: Interfaces\{6F67E66B-693A-4A4F-8413-6BE0F81D3AEE}\C4567596666697 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6F67E66B-693A-4A4F-8413-6BE0F81D3AEE}\C656779666669733 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6F67E66B-693A-4A4F-8413-6BE0F81D3AEE}\C656F577966696 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6F67E66B-693A-4A4F-8413-6BE0F81D3AEE}\E425D414027457563747 : DHCPNameServer = 220.233.0.3 220.233.0.4
TCP: Interfaces\{7017F1C2-F88A-4F91-AEAF-185D3455A0BC} : DHCPNameServer = 192.168.0.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programs\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup
x64-Run: [BCSSync] "D:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=972
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.ftp - 94.194.59.126
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 94.194.59.126
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 94.194.59.126
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 94.194.59.126
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions\passwordbank@upek.com\components\pbgk1_92.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-28 17:27; {549ae24d-d5fe-4f2d-867a-e35870048d36}; C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions\{549ae24d-d5fe-4f2d-867a-e35870048d36}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 Apache2.2;Apache2.2;C:\apache\bin\httpd.exe [2010-10-18 20549]
R2 CommuniGate Pro Messaging Server;CommuniGate Pro Messaging Server;D:\Acumedic-Stuff\CommuniGatePro\CGStarter.exe [2011-5-2 32768]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-7-1 21992]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-5-11 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-5-28 72216]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-28 128456]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETwLv64.sys [2011-1-27 7533568]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\System32\drivers\USBGENE.sys [2010-9-28 152832]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-16 19456]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-16 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-2 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="D:\Programs\Adobe-CS5\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="D:\Programs\Adobe-CS5\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-11-28 06:27:16 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B20AEEC2-E255-4BD9-B79F-8758051EEB2F}\offreg.dll
2012-11-28 04:00:28 -------- d-----w- C:\Users\Matt Work\AppData\Roaming\Malwarebytes
2012-11-28 04:00:22 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-28 04:00:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-28 04:00:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-27 23:21:17 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B20AEEC2-E255-4BD9-B79F-8758051EEB2F}\mpengine.dll
2012-11-26 23:18:15 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-22 04:33:29 262112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-11-22 02:26:11 -------- d-----w- C:\Users\Matt Work\AppData\Roaming\Riheuv
2012-11-21 15:01:04 552448 ----a-w- C:\Users\Matt Work\AppData\Roaming\dmscr.dll
2012-11-16 02:24:24 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-16 02:24:24 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-16 02:24:24 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-16 02:24:24 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-16 02:12:33 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-16 02:12:33 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-16 02:12:32 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-16 02:12:32 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 02:12:31 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-16 02:12:30 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-16 02:12:30 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-16 02:06:40 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-11-16 01:58:55 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-16 01:58:55 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-11-16 01:58:54 67072 ----a-w- C:\Windows\splwow64.exe
2012-11-16 01:58:54 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-09 16:57:46 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 16:57:46 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-12 05:20:50 8592 ----a-w- C:\Windows\System32\ractrlkeyhook.dll
2012-09-05 04:56:52 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-05 04:56:44 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-05 04:56:44 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-30 12:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 12:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 17:55:04.13 ===============
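The DDS log above contains a small number of lines that carry the whole story: a `uRun` (HKCU Run) entry that uses rundll32.exe to load `dmscr.dll` from the user's AppData folder, Firefox `network.proxy.*` prefs pointing every protocol at the public address 94.194.59.126:3128, `user.js` entries that switch off Firefox's security warnings, and an `ExtSQL` extension whose GUID `{549ae24d-d5fe-4f2d-867a-e35870048d36}` reappears later in the thread in the `.crx` file that Microsoft Security Essentials flags. The Python script below is an added example, not something posted in this thread and not part of DDS; it applies those triage heuristics to an excerpt of the posted log embedded as constructed sample input. The rule names, the "public IP" test and the AppData heuristic are the example's own assumptions about what deserves a second look, not detections defined by any of the tools mentioned here.

```python
"""Triage a DDS-style log for the indicators visible in this thread (added example)."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines excerpted from the DDS log posted above.
SAMPLE_LOG = r"""
uRun: [dmscr] "C:\Windows\System32\rundll32.exe" "C:\Users\Matt Work\AppData\Roaming\dmscr.dll",init_io
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.http - 94.194.59.126
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 94.194.59.126
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
FF - ExtSQL: 2012-11-28 17:27; {549ae24d-d5fe-4f2d-867a-e35870048d36}; C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions\{549ae24d-d5fe-4f2d-867a-e35870048d36}.xpi
"""

# DDS prefixes: uRun = HKCU Run, mRun = HKLM Run, x64-Run = 64-bit HKLM Run.
RUN_RE = re.compile(r"^(?:x64-)?[um]?Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
FF_PREF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<key>\S+) - (?P<value>.*)$")
FF_EXT_RE = re.compile(r"^FF - ExtSQL: (?P<when>[^;]+); (?P<id>[^;]+); (?P<path>.+)$")
# Anything under a user's AppData is writable without admin rights; autoruns there deserve a look.
APPDATA_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def is_public_ip(host: str) -> bool:
    """True when host is a literal IP outside private, loopback and link-local ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostnames are not judged here
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return a list of {'rule', 'detail'} findings for the suspicious patterns in log_text."""
    findings: List[Dict[str, str]] = []
    prefs: Dict[str, Tuple[str, str]] = {}  # pref key -> (file it came from, value)

    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if APPDATA_RE.search(cmd):
                # rundll32 loading a DLL from the profile is the classic user-level persistence trick.
                rule = "run_rundll32_appdata" if "rundll32" in cmd.lower() else "run_from_appdata"
                findings.append({"rule": rule, "detail": f"{m.group('name')}: {cmd}"})
            continue
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group("key")] = (m.group("file"), m.group("value").strip())
            continue
        m = FF_EXT_RE.match(line)
        if m:
            findings.append({"rule": "ff_extension",
                             "detail": f"{m.group('id')} installed {m.group('when').strip()} at {m.group('path')}"})

    # Proxy hosts: type 0 means 'no proxy', so a public-IP proxy with type 0 is configured but dormant.
    proxy_type = prefs.get("network.proxy.type", ("", "unset"))[1]
    hosts = {v for k, (_, v) in prefs.items()
             if k.startswith("network.proxy.") and not k.endswith("_port") and k != "network.proxy.type"}
    for host in sorted(hosts):
        if is_public_ip(host):
            state = "active (manual proxy)" if proxy_type == "1" else f"dormant (network.proxy.type={proxy_type})"
            findings.append({"rule": "ff_proxy_public_ip", "detail": f"{host} {state}"})

    # user.js is re-applied on every Firefox start, so a security warning switched off there stays off.
    for key, (src, value) in sorted(prefs.items()):
        if src == "user.js" and key.startswith("security.") and value.lower() == "false":
            findings.append({"rule": "userjs_security_pref_disabled", "detail": f"{key} = {value}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}")
```

Two caveats the output makes visible. `network.proxy.type` is 0 in the posted log, which in Firefox means "no proxy", so the 94.194.59.126 entries are configured but not routing traffic until something flips the type to 1 (manual); they still need removing. And because Firefox re-applies `user.js` at every start, clearing a pref in `about:config` does not stick while that file exists, which is why the JRT run later in the thread deletes `user.js` from the profile.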



#2 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bavaria
  • Local time:11:18 PM

Posted 28 November 2012 - 03:42 AM

Welcome to BleepingComputer.


My name is Matthias and I'll help you with the cleanup of your computer.


Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





Hoping you can help with my virus problem. Windows Security Essentials on Win 7 is picking up Medfos.b all the time.

Please post the logfile from Microsoft Security Essentials (MSE) where it picked up Medfos.b.




I have run malwarebytes and tdskiller, looked at the registry but it keeps coming back. malwarebytes picked up spyeyes in the recycle bin which prompted me to post here as I know this is a nasty one to have!

Please post all logfiles from MBAM and TDSSKiller.




uStart Page = hxxp://uk.ask.com/?l=dis&o=15007

Have you set this start page? Is it ok?






Moreover, please follow these steps as well:




Step 1
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Step 2
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.





What you should post with your next answer:
  • the logfiles from MBAM and TDSSKiller,
  • the logfiles from MSE,
  • an answer to my question,
  • the logfile from aswMBR,
  • any further information that seems to be important in your eyes.

Regards,
M-K-D-B

#3 damanic

damanic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 28 November 2012 - 04:07 AM

MBAM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Matt Work :: MATTWORK-PC [administrator]

28/11/2012 15:51:34
mbam-log-2012-11-28 (15-51-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246466
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)



#4 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bavaria
  • Local time:11:18 PM

Posted 28 November 2012 - 04:48 AM

Hi,


thank you.

I'm waiting for the other logfiles. :)

Edited by M-K-D-B, 28 November 2012 - 04:48 AM.

Regards,
M-K-D-B

#5 damanic

damanic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 28 November 2012 - 07:41 AM

Sorry, I had some errands to run...

TDSSKILLER

Attached file: tdss.txt (241.53 KB)

Edited by damanic, 28 November 2012 - 07:41 AM.


#6 damanic

damanic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 28 November 2012 - 07:43 AM

uStart Page = hxxp://uk.ask.com/?l=dis&o=15007


Yep, that's ok. It's a valid IE start page. I don't use IE.

#7 damanic

damanic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 28 November 2012 - 07:45 AM

Not sure how to get a full log file from MSE,

but here is the detail when detected.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
containerfile:C:\Users\Matt Work\AppData\Local\549ae24d-d5fe-4f2d-867a-e35870048d36.crx
file:C:\Users\Matt Work\AppData\Local\549ae24d-d5fe-4f2d-867a-e35870048d36.crx->manager.js



#8 damanic

damanic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 28 November 2012 - 08:45 AM

aswMBR was run twice, once in Safe Mode.

Both times: BLUE SCREEN!

First time I have seen this in Win 7.

Notable text on the blue screen:

APC_INDEX_MISMATCH

STOP!

#9 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bavaria
  • Local time:11:18 PM

Posted 28 November 2012 - 10:18 AM

Hi,





Step 1
Shut down your protection software now to avoid potential conflicts.
Please download Junkware Removal Tool to your desktop.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





Step 2
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.





What you should post with your next answer:
  • the logfile from JRT,
  • the logfile from ComboFix.

Regards,
M-K-D-B

#10 damanic

damanic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 28 November 2012 - 05:43 PM

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.5.9 (11.28.2012:3)
OS: Windows 7 Ultimate x64
Ran by Matt Work on 29/11/2012 at 9:30:03.98
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Val Name Type Value Data
======== ==== ==========
dmscr REG_SZ "C:\Windows\System32\rundll32.exe" "C:\Users\Matt Work\AppData\Roaming\dmscr.dll",init_io




~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Matt Work\appdata\locallow\asktoolbar"



~~~ FireFox

Successfully deleted: [File] C:\Users\Matt Work\AppData\Roaming\mozilla\firefox\profiles\9foiosc9.default\user.js
Successfully deleted: [File] C:\Users\Matt Work\AppData\Roaming\mozilla\firefox\profiles\9foiosc9.default\searchplugins\askcom.xml



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/11/2012 at 9:34:10.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11 damanic

damanic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 28 November 2012 - 06:16 PM

COMBO

ComboFix 12-11-28.02 - Matt Work 29/11/2012 9:48.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3071.1890 [GMT 11:00]
Running from: c:\users\Matt Work\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\hosts
c:\users\Matt Work\AppData\Local\assembly\tmp
c:\users\Matt Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31DBEBC2-E10A-4FB1-A373-AC92AE60A860}.xps
c:\users\Matt Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\{530ADF18-B6C6-497D-9158-FA8E3616E225}.xps
c:\users\Matt Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D2C0CEE-BEED-44B0-B48D-557520D6AB1E}.xps
c:\users\Matt Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8EA1712D-F6AC-4343-88A2-E7E5E1ACCCBC}.xps
c:\users\Matt Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\{96D59047-057F-4AE4-80C3-063DFD9981AC}.xps
c:\users\Matt Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F67B479E-4113-4BA9-9022-584FA9586C12}.xps
c:\users\Matt Work\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FA0C03C1-2ACD-484A-AEB5-14821E96FB4A}.xps
c:\users\Matt Work\AppData\Roaming\dmscr.dll
c:\users\Matt Work\AppData\Roaming\Evaer
c:\users\Matt Work\AppData\Roaming\Evaer\record.xml
c:\windows\7Loader.TAG
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 22:53 . 2012-11-28 22:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-28 22:53 . 2012-11-28 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 22:53 . 2012-11-28 22:53 -------- d-----w- c:\users\apache\AppData\Local\temp
2012-11-28 22:35 . 2012-11-28 22:35 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFD49853-AA4B-456F-A0B0-A051A93A0E05}\offreg.dll
2012-11-28 22:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFD49853-AA4B-456F-A0B0-A051A93A0E05}\mpengine.dll
2012-11-28 22:30 . 2012-11-28 22:30 -------- d-----w- c:\windows\ERUNT
2012-11-28 22:29 . 2012-11-28 22:29 -------- dc----w- C:\JRT
2012-11-28 09:10 . 2012-11-28 09:10 208216 ----a-w- c:\windows\system32\drivers\24905624.sys
2012-11-28 04:00 . 2012-11-28 04:00 -------- d-----w- c:\users\Matt Work\AppData\Roaming\Malwarebytes
2012-11-28 04:00 . 2012-11-28 04:00 -------- d-----w- c:\programdata\Malwarebytes
2012-11-28 04:00 . 2012-11-28 04:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-28 04:00 . 2012-09-29 08:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-26 23:18 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-23 23:47 . 2012-11-23 23:47 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-22 04:33 . 2012-11-20 06:17 262112 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-11-22 02:26 . 2012-11-22 02:26 -------- d-----w- c:\users\Matt Work\AppData\Roaming\Riheuv
2012-11-16 02:24 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 02:24 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 02:24 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 02:24 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 02:14 . 2012-10-08 11:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-16 02:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 02:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 02:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 02:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 02:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 02:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 02:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 02:06 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-11-16 01:58 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-11-16 01:58 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-16 01:58 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-11-16 01:58 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 03:07 . 2010-09-27 19:37 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 16:57 . 2012-04-01 05:45 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 16:57 . 2011-06-14 05:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-27 09:44 . 2012-10-21 03:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCB77656-760E-4055-92C6-FE03E90AD3B4}\gapaengine.dll
2012-09-27 09:44 . 2011-03-28 05:29 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-14 19:19 . 2012-10-09 18:31 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 18:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-12 05:20 . 2012-09-12 05:20 8592 ----a-w- c:\windows\system32\ractrlkeyhook.dll
2012-09-05 04:56 . 2012-09-05 04:57 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-05 04:56 . 2012-07-04 13:11 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-05 04:56 . 2010-09-28 17:41 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
c:\users\Matt Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SkypeMate.lnk - c:\program files (x86)\SkypeMate\SkypeMate.exe [2010-8-6 670208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CommuniGate Pro Messaging Server;CommuniGate Pro Messaging Server;d:\acumedic-stuff\CommuniGatePro\CGStarter.exe [2003-10-18 32768]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-28 32768]
R3 cpuz126;cpuz126;c:\users\MATTWO~1\AppData\Local\Temp\cpuz64.sys [x]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-08-14 152832]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-02 1255736]
R3 xpvcom;XPVCOM Port;c:\windows\system32\Drivers\xpvcom.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-28 834544]
S2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [2010-10-17 20549]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [2010-10-07 7533568]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-27 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:57]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-22 06:21]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-22 06:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-03-29 05:25 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-03-29 05:25 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2010-03-29 84744]
"BCSSync"="d:\programs\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://uk.ask.com/?l=dis&o=15007
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - d:\programs\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\programs\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: google.com
TCP: DhcpNameServer = 192.168.0.2
FF - ProfilePath - c:\users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.ftp - 94.194.59.126
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 94.194.59.126
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 94.194.59.126
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 94.194.59.126
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-29 09:05; {549ae24d-d5fe-4f2d-867a-e35870048d36}; c:\users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions\{549ae24d-d5fe-4f2d-867a-e35870048d36}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-dmscr - c:\users\Matt Work\AppData\Roaming\dmscr.dll
SafeBoot-03264279.sys
SafeBoot-19195940.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\mysql\bin\mysqld\" --defaults-file=\"c:\mysql\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\06\1b\125'?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-29 09:57:13
ComboFix-quarantined-files.txt 2012-11-28 22:57
.
Pre-Run: 3,892,649,984 bytes free
Post-Run: 4,650,856,448 bytes free
.
- - End Of File - - 26B51AF137C69BEFCC3C2A81ACADA706



#12 M-K-D-B


  • Malware Response Team
  • 1,595 posts
  • Gender:Male
  • Location:Bavaria

Posted 29 November 2012 - 02:53 AM

Hi,

Step 1
Please visit VirusTotal.
Click Choose File.
Copy and paste the following code into the search field and press enter:
c:\windows\system32\drivers\24905624.sys
Click on Scan it.
If the file was already uploaded to VirusTotal before, click on Reanalyse.
VirusTotal will show you the results of the uploaded file. This may take some time. Please be patient.
After VirusTotal has finished analysing the file, please copy the link from your address bar and post it with your next answer.

Step 2
Please download OTL from one of the following mirrors:
  • This is THE Mirror
  • Please reopen OTL on your desktop.
  • Click the "Scan All Users" checkbox.
  • Be sure that the checkbox for 64 bit is activated as well.
  • Under Extra Registry choose Use SafeList.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    activex
    netsvcs
    msconfig
    drivers32
    safebootminimal
    safebootnetwork
    CREATERESTOREPOINT
    
  • Push Run Scan
  • Two reports will open:
    OTL.txt <-- Will be opened
    Extra.txt <-- Will be minimized
  • Copy and paste them in a reply here

What you should post with your next answer:
  • the link from VirusTotal,
  • both logfiles from OTL.

Regards,
M-K-D-B

#13 M-K-D-B


  • Malware Response Team
  • 1,595 posts
  • Gender:Male
  • Location:Bavaria

Posted 02 December 2012 - 06:57 AM

Hi,


Do you still need help with your computer?
If you don't respond within the next 48 hours, your topic will be closed.
Regards,
M-K-D-B

#14 damanic

  • Topic Starter

  • Members
  • 9 posts

Posted 03 December 2012 - 03:57 AM

Sorry, just got back from a long weekend. I thought the alerts had stopped, but the same medfos.b popped up in WSE as the OTL scan was running.

c:\windows\system32\drivers\24905624.sys
NOT FOUND.

OTL
OTL logfile created on: 03/12/2012 19:51:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt Work\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 45.30% Memory free
6.00 Gb Paging File | 3.19 Gb Available in Paging File | 53.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.01 Gb Total Space | 1.29 Gb Free Space | 2.59% Space Free | Partition Type: NTFS
Drive D: | 70.00 Gb Total Space | 30.99 Gb Free Space | 44.27% Space Free | Partition Type: NTFS
Drive E: | 238.62 Gb Total Space | 114.73 Gb Free Space | 48.08% Space Free | Partition Type: NTFS
Drive F: | 300.00 Gb Total Space | 217.07 Gb Free Space | 72.36% Space Free | Partition Type: NTFS
Drive G: | 40.00 Gb Total Space | 22.55 Gb Free Space | 56.36% Space Free | Partition Type: NTFS
Drive H: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 29.88 Gb Total Space | 29.55 Gb Free Space | 98.92% Space Free | Partition Type: FAT32
 
Computer Name: MATTWORK-PC | User Name: Matt Work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/12/03 19:51:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Work\Desktop\OTL.exe
PRC - [2012/11/20 17:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/10 03:57:46 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2011/08/03 22:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 13:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/04 21:08:16 | 005,133,448 | ---- | M] (CommuniGate Systems, Inc.) -- D:\Acumedic-Stuff\CommuniGatePro\CGServer.exe
PRC - [2010/10/18 01:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\apache\bin\httpd.exe
PRC - [2010/08/06 13:19:42 | 000,670,208 | ---- | M] () -- C:\Program Files (x86)\SkypeMate\SkypeMate.exe
PRC - [2003/10/19 04:03:24 | 000,032,768 | ---- | M] () -- D:\Acumedic-Stuff\CommuniGatePro\CGStarter.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/11/20 17:17:34 | 002,400,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/10 03:57:46 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2011/08/03 13:31:28 | 000,255,592 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/08/07 12:16:00 | 000,579,072 | ---- | M] () -- C:\Program Files (x86)\SkypeMate\SkypeMate.dll
MOD - [2010/08/06 13:19:42 | 000,670,208 | ---- | M] () -- C:\Program Files (x86)\SkypeMate\SkypeMate.exe
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2012/09/12 22:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2012/09/12 22:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 12:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/20 17:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/10 03:57:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 08:00:54 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 08:00:28 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/04/02 13:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/03 22:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 13:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/21 04:52:36 | 009,631,232 | ---- | M] () [Auto | Running] -- C:\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2010/10/18 01:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/10/19 04:03:24 | 000,032,768 | ---- | M] () [Auto | Running] -- D:\Acumedic-Stuff\CommuniGatePro\CGStarter.exe -- (CommuniGate Pro Messaging Server)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012/08/30 23:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2012/08/24 01:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/24 01:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012/07/12 08:00:29 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:[b]64bit:[/b] - [2012/04/02 13:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:[b]64bit:[/b] - [2012/04/02 13:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:[b]64bit:[/b] - [2012/03/01 17:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/05/10 20:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/21 00:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:[b]64bit:[/b] - [2010/11/21 00:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:[b]64bit:[/b] - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 22:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:[b]64bit:[/b] - [2010/11/20 22:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:[b]64bit:[/b] - [2010/11/20 20:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010/11/09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:[b]64bit:[/b] - [2010/10/07 23:11:50 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwLv64.sys -- (NETwLv64)
DRV:[b]64bit:[/b] - [2010/09/29 03:20:42 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010/04/29 07:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:[b]64bit:[/b] - [2009/12/08 17:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)
DRV:[b]64bit:[/b] - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:[b]64bit:[/b] - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/11 08:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:[b]64bit:[/b] - [2009/06/11 07:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:[b]64bit:[/b] - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2007/08/15 06:57:08 | 000,152,832 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBGENE.sys -- (DCamUSBGene)
DRV:[b]64bit:[/b] - [2007/08/09 02:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2006/11/18 23:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:[b]64bit:[/b] - [2006/06/17 01:50:34 | 000,275,968 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV - [2012/04/02 13:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2011/07/25 07:29:10 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/07/14 22:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=15007
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 5B 5E 1A DE 51 CC 01  [binary data]
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\..\SearchScopes,DefaultScope = {CBC6F849-DCCC-4021-9999-4378122CA0FA}
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\..\SearchScopes\{CBC6F849-DCCC-4021-9999-4378122CA0FA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\..\SearchScopes\{D3190291-5502-4060-B0ED-A25D16E20087}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15004&src=kw&q={searchTerms}&locale=&apn_ptnrs=PW&apn_dtid=YYYYYYYYGB&apn_uid=0457187D-BF94-4EE0-84AC-E9F6A28B2B5C&apn_sauid=9BA742A5-F5E2-4235-A322-22EA2006F0C0
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B AA 84 5A 7E 29 CC 01  [binary data]
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006\..\SearchScopes,DefaultScope = {CBC6F849-DCCC-4021-9999-4378122CA0FA}
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006\..\SearchScopes\{CBC6F849-DCCC-4021-9999-4378122CA0FA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B AA 84 5A 7E 29 CC 01  [binary data]
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007\..\SearchScopes,DefaultScope = {CBC6F849-DCCC-4021-9999-4378122CA0FA}
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007\..\SearchScopes\{CBC6F849-DCCC-4021-9999-4378122CA0FA}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: "google.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.972
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: passwordbank@upek.com:5.9.3.6241.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..network.proxy.backup.ftp: "94.194.59.126"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "94.194.59.126"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "94.194.59.126"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "94.194.59.126"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "94.194.59.126"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "94.194.59.126"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "94.194.59.126"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Programs\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/22 15:33:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 17:03:46 | 000,000,000 | ---D | M]
 
[2010/09/28 06:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt Work\AppData\Roaming\Mozilla\Extensions
[2012/11/28 20:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions
[2012/10/30 20:36:35 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions\LogMeInClient@logmein.com
[2010/09/29 02:45:16 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions\passwordbank@upek.com
[2012/11/01 14:31:47 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions\firebug@software.joehewitt.com.xpi
[2012/11/29 09:05:27 | 000,004,055 | ---- | M] () (No name found) -- C:\Users\Matt Work\AppData\Roaming\Mozilla\Firefox\Profiles\9foiosc9.default\extensions\{549ae24d-d5fe-4f2d-867a-e35870048d36}.xpi
[2012/11/22 15:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/20 17:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 17:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 17:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/11/29 17:03:29 | 000,000,052 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       intra.net
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programs\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [BCSSync] D:\Programs\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\SysWOW64\MPG4ds32.ax (Microcrap Corporation)
O4 - Startup: C:\Users\Matt Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkypeMate.lnk = C:\Program Files (x86)\SkypeMate\SkypeMate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - D:\Programs\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - res://D:\Programs\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Programs\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - res://D:\Programs\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1000\..Trusted Domains: google.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1006\..Trusted Domains: google.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3371113111-2860686565-3526645589-1007\..Trusted Domains: google.com ([]* in Trusted sites)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:[b]64bit:[/b] - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/x64/ractrl.cab?lmi=972 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F67E66B-693A-4A4F-8413-6BE0F81D3AEE}: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7017F1C2-F88A-4F91-AEAF-185D3455A0BC}: DhcpNameServer = 192.168.0.2
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
 
SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/03 19:50:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt Work\Desktop\OTL.exe
[2012/11/29 10:42:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/29 09:46:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/29 09:46:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/29 09:46:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/29 09:46:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/29 09:46:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/29 09:43:53 | 005,008,458 | R--- | C] (Swearware) -- C:\Users\Matt Work\Desktop\ComboFix.exe
[2012/11/29 09:30:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/11/29 09:29:52 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/28 23:57:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Matt Work\Desktop\aswMBR.exe
[2012/11/28 20:10:50 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\24905624.sys
[2012/11/28 17:50:09 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Matt Work\Desktop\dds.com
[2012/11/28 17:22:32 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt Work\Desktop\tdsskiller.exe
[2012/11/28 15:00:28 | 000,000,000 | ---D | C] -- C:\Users\Matt Work\AppData\Roaming\Malwarebytes
[2012/11/28 15:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/28 15:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/28 15:00:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/28 15:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/28 14:59:37 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Matt Work\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/24 10:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/24 10:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/22 13:26:11 | 000,000,000 | ---D | C] -- C:\Users\Matt Work\AppData\Roaming\Riheuv
[2012/11/16 13:24:24 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/16 13:24:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/16 13:23:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/16 13:23:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/16 13:23:39 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/11/16 13:23:38 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/11/16 13:23:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/11/16 13:23:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/11/16 13:23:36 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/11/16 13:23:35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/11/16 13:23:34 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/11/16 13:23:34 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/11/16 13:23:34 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/11/16 13:23:34 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/11/16 13:23:34 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/11/16 13:23:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/11/16 13:23:34 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/11/16 13:23:34 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/11/16 13:23:34 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/11/16 13:23:34 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/11/16 13:23:34 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/11/16 13:23:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/11/16 13:23:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/11/16 13:23:33 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/11/16 13:23:33 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/11/16 13:23:33 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/11/16 13:14:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/16 13:14:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/16 13:14:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/16 13:14:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/16 13:14:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/16 13:14:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/16 13:14:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/16 13:14:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/16 13:14:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/16 13:14:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/16 13:14:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/16 13:14:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/16 13:14:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/16 13:14:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/16 13:14:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/16 13:12:32 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/16 13:12:31 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/16 13:12:30 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/16 13:12:30 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/16 13:07:31 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/16 13:07:30 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/16 13:07:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/16 13:07:21 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/16 13:07:21 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/16 13:07:21 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/16 13:07:21 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/16 13:07:21 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/16 13:07:21 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/16 13:07:16 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/11/16 13:07:06 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/11/16 13:07:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/11/16 13:07:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/11/16 13:07:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/11/16 13:07:05 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/11/16 13:07:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/11/16 13:07:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/11/16 13:07:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/11/16 13:07:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/11/16 13:07:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/11/16 13:07:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/11/16 13:07:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/11/16 13:07:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/16 13:07:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/16 13:07:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/16 13:07:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/11/16 13:07:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/11/16 13:07:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/16 13:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/11/16 13:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/16 13:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/11/16 13:07:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/11/16 13:07:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/16 13:07:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/16 13:07:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/16 13:07:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/11/16 13:07:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/16 13:07:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/16 13:07:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/11/16 13:07:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/16 13:07:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/11/16 13:07:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/11/16 13:07:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/16 13:07:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/11/16 13:07:01 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/16 13:07:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/16 13:07:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/16 13:07:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/11/16 13:07:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/16 13:07:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/11/16 13:07:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/11/16 13:07:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/11/16 13:07:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/16 13:07:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/11/16 13:07:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/16 13:07:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/11/16 13:07:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/11/16 13:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/11/16 13:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/16 13:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/16 13:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/11/16 13:07:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/11/16 13:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/11/16 13:05:55 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/16 13:05:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/16 13:05:50 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/11/16 13:05:47 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/11/16 13:05:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/11/16 13:05:44 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/11/16 13:05:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/11/16 13:05:39 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/11/16 13:05:32 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/11/16 13:05:32 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/11/16 12:58:55 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/11/16 12:58:54 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/11/16 12:58:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2011/09/28 00:25:47 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Matt Work\gotomypc_626.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/03 19:51:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt Work\Desktop\OTL.exe
[2012/12/03 19:47:00 | 000,020,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/03 19:47:00 | 000,020,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/03 19:04:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/03 18:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/03 16:04:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 10:16:34 | 000,458,752 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/11/30 10:16:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/30 10:16:10 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/29 19:36:39 | 000,000,600 | ---- | M] () -- C:\Users\Matt Work\AppData\Roaming\winscp.rnd
[2012/11/29 17:03:29 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/29 09:44:14 | 005,008,458 | R--- | M] (Swearware) -- C:\Users\Matt Work\Desktop\ComboFix.exe
[2012/11/29 09:29:30 | 000,910,521 | ---- | M] () -- C:\Users\Matt Work\Desktop\JRT.exe
[2012/11/28 23:57:55 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Matt Work\Desktop\aswMBR.exe
[2012/11/28 23:46:40 | 000,000,020 | ---- | M] () -- C:\Users\Matt Work\defogger_reenable
[2012/11/28 23:46:26 | 000,050,477 | ---- | M] () -- C:\Users\Matt Work\Desktop\Defogger.exe
[2012/11/28 20:10:51 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\24905624.sys
[2012/11/28 17:50:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Matt Work\Desktop\dds.com
[2012/11/28 17:22:44 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt Work\Desktop\tdsskiller.exe
[2012/11/28 15:35:52 | 003,908,862 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/28 15:35:52 | 001,782,644 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/28 15:35:51 | 000,005,366 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/28 15:00:22 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/28 14:59:58 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Matt Work\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/26 20:46:26 | 000,047,678 | ---- | M] () -- C:\Users\Matt Work\Desktop\ateroma2.jpg
[2012/11/23 06:31:02 | 000,169,280 | ---- | M] () -- C:\Users\Matt Work\Desktop\kingston_bill_receipt_nov2012.pdf
[2012/11/22 16:05:50 | 000,154,876 | ---- | M] () -- C:\Users\Matt Work\Desktop\fipleak.jpg
[2012/11/22 15:33:45 | 000,002,048 | ---- | M] () -- C:\Users\Matt Work\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/22 15:33:45 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/22 01:30:41 | 000,663,349 | ---- | M] () -- C:\Users\Matt Work\Desktop\IMAG0311.jpg
[2012/11/22 01:29:37 | 001,138,230 | ---- | M] () -- C:\Users\Matt Work\Desktop\IMAG0310.jpg
[2012/11/22 00:42:14 | 000,600,857 | ---- | M] () -- C:\Users\Matt Work\Desktop\IMAG0309.jpg
[2012/11/19 17:56:00 | 004,796,530 | ---- | M] () -- C:\Users\Matt Work\Desktop\a.pdf
[2012/11/18 17:35:48 | 000,000,450 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/11/18 01:45:05 | 004,970,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/13 21:45:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/11/07 18:20:50 | 008,879,659 | ---- | M] () -- C:\Users\Matt Work\Desktop\shop_products.sql
 
========== Files Created - No Company Name ==========
 
[2012/11/29 09:50:57 | 000,006,510 | ---- | C] () -- C:\Users\Matt Work\AppData\Local\549ae24d-d5fe-4f2d-867a-e35870048d36.crx
[2012/11/29 09:46:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/29 09:46:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/29 09:46:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/29 09:46:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/29 09:46:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/29 09:29:24 | 000,910,521 | ---- | C] () -- C:\Users\Matt Work\Desktop\JRT.exe
[2012/11/28 23:46:40 | 000,000,020 | ---- | C] () -- C:\Users\Matt Work\defogger_reenable
[2012/11/28 23:46:27 | 000,050,477 | ---- | C] () -- C:\Users\Matt Work\Desktop\Defogger.exe
[2012/11/28 15:00:22 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/26 20:46:25 | 000,047,678 | ---- | C] () -- C:\Users\Matt Work\Desktop\ateroma2.jpg
[2012/11/23 06:31:02 | 000,169,280 | ---- | C] () -- C:\Users\Matt Work\Desktop\kingston_bill_receipt_nov2012.pdf
[2012/11/22 16:05:49 | 000,154,876 | ---- | C] () -- C:\Users\Matt Work\Desktop\fipleak.jpg
[2012/11/22 15:33:45 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/22 15:33:45 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/22 01:30:05 | 000,663,349 | ---- | C] () -- C:\Users\Matt Work\Desktop\IMAG0311.jpg
[2012/11/22 01:28:53 | 001,138,230 | ---- | C] () -- C:\Users\Matt Work\Desktop\IMAG0310.jpg
[2012/11/22 00:41:47 | 000,600,857 | ---- | C] () -- C:\Users\Matt Work\Desktop\IMAG0309.jpg
[2012/11/19 17:53:11 | 004,796,530 | ---- | C] () -- C:\Users\Matt Work\Desktop\a.pdf
[2012/11/16 13:24:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 13:12:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 21:45:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/11/07 18:20:43 | 008,879,659 | ---- | C] () -- C:\Users\Matt Work\Desktop\shop_products.sql
[2012/02/11 01:41:43 | 000,000,132 | ---- | C] () -- C:\Users\Matt Work\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/11 01:38:25 | 000,001,456 | ---- | C] () -- C:\Users\Matt Work\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/07 14:53:43 | 000,000,031 | ---- | C] () -- C:\Windows\iexplore.ini
[2012/01/08 01:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/01/08 01:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/08 01:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012/01/08 01:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/01/08 01:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/01/08 01:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/12/19 17:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/19 17:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/01 01:14:29 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\QL56F.DLL
[2011/09/27 09:41:02 | 000,000,336 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/08/03 13:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/25 07:29:10 | 000,000,383 | ---- | C] () -- C:\Windows\SysWow64\haspdos.sys
[2011/07/02 04:51:40 | 000,000,000 | ---- | C] () -- C:\Users\Matt Work\AppData\Local\{CE5748D7-0EE8-430F-8792-C592C4751649}
[2011/01/25 07:22:23 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/13 19:07:44 | 000,000,600 | ---- | C] () -- C:\Users\Matt Work\AppData\Roaming\winscp.rnd
[2010/10/13 19:07:39 | 000,000,600 | ---- | C] () -- C:\Users\Matt Work\AppData\Local\PUTTY.RND
[2010/10/05 02:57:01 | 000,022,503 | ---- | C] () -- C:\Users\Matt Work\AppData\Local\backup.vtp
[2010/09/29 18:19:32 | 000,000,450 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/29 09:06:18 | 000,007,601 | ---- | C] () -- C:\Users\Matt Work\AppData\Local\Resmon.ResmonCfg
[2010/09/28 22:21:38 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 15:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 16:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras
OTL Extras logfile created on: 03/12/2012 19:51:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matt Work\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 45.30% Memory free
6.00 Gb Paging File | 3.19 Gb Available in Paging File | 53.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.01 Gb Total Space | 1.29 Gb Free Space | 2.59% Space Free | Partition Type: NTFS
Drive D: | 70.00 Gb Total Space | 30.99 Gb Free Space | 44.27% Space Free | Partition Type: NTFS
Drive E: | 238.62 Gb Total Space | 114.73 Gb Free Space | 48.08% Space Free | Partition Type: NTFS
Drive F: | 300.00 Gb Total Space | 217.07 Gb Free Space | 72.36% Space Free | Partition Type: NTFS
Drive G: | 40.00 Gb Total Space | 22.55 Gb Free Space | 56.36% Space Free | Partition Type: NTFS
Drive H: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 29.88 Gb Total Space | 29.55 Gb Free Space | 98.92% Space Free | Partition Type: FAT32
 
Computer Name: MATTWORK-PC | User Name: Matt Work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programs\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programs\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programs\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programs\Adobe-CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programs\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programs\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programs\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programs\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programs\Adobe-CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programs\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C2E31E9-C8CA-49D7-A761-6632E5581D6A}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface | 
"{2A378B4B-0555-4B56-8097-B5200387F7D4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2C873FD0-A6EB-4A05-A4B2-DE8E6881D855}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3812DF46-FE06-4B24-9D4D-00E9B24B6288}" = lport=137 | protocol=17 | dir=in | app=system | 
"{398C8CC3-AF90-4325-A4ED-7E64D7FFA3FA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4CC49949-D096-4F1F-A7E2-A0F7DAC86B5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E1BAE06-6E6C-480C-A38C-7798A4E8C8C6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5E6CDF27-FF12-4937-9EF3-6100596BA5BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{603B2BE2-4D7C-4A79-8E36-61344D35BB07}" = rport=138 | protocol=17 | dir=out | app=system | 
"{67ADD8B5-71A2-407B-954C-197E12E0DD29}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{8389E16F-D784-48A5-AF6B-CF9C142390F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8933869F-6585-4448-ADAE-22B654CF8477}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9568940C-630E-414D-A6AB-97945D9D1D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9E73514E-9EC6-4907-B961-6D64710975EE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A6DAAC79-0F1F-4B99-BB01-17695587CA86}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ADC08F7B-31FB-4DA2-B0DD-971C0608FB63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4A5CB48-0393-4704-ADE7-74AFA4521C57}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B57312DF-3B1F-4E14-A86C-3ECB6BC917FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B73976A5-EE4D-42AC-BE90-CB2E37A5A37D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF040B43-AC39-4DC7-9508-9DCDFA9C1865}" = lport=6004 | protocol=17 | dir=in | app=d:\programs\microsoft office\office14\outlook.exe | 
"{D0189BE8-20B2-4369-9FB7-0ED8BD17C928}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D1CE43CC-051B-4C51-B44B-7C387F6FA4CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D20CD869-A1C6-425F-931A-3D8468939A81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D583C870-AE2E-4E26-9B2C-827049D487A9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D6C2271A-E237-4A98-944F-C8D23649ECA8}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{DA8E867F-D69C-48C8-A805-FED0702847AC}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{EEF3F38A-18DC-4D68-AB21-D5B29C0421DB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F839D9BA-E9AA-442A-8E8B-A1B35D63E517}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065C6F01-C7DD-4BBF-8DEB-3B9FD4DDAD00}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{22234F48-B250-4FC7-9A16-907F5660311B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{227725B3-4BB0-4A08-B5C4-10154A77DDF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{361DE701-E1CB-4E7C-B290-7029BEF75571}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{454726D2-DB48-49DC-B326-6EFD7F3A546B}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{484032E7-28CA-489D-8089-F8F3BBD85CF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BABBB8E-08CC-4946-AB18-6357495CC6F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C6E5902-695B-4C1E-82D1-38EAD427ECE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4EE01AB9-65E8-43DD-AB99-A4750220693B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{657E30B7-D07A-4A4E-ABC6-6E85C82A88D3}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"{6975DE39-011F-42A8-BD25-450C4443BDB4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{74AA6E84-441E-4A56-ABA6-F05462D2B8B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{79C88435-DCD4-4ABC-A72B-990F017D6059}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{928D5591-9808-4442-8B24-3F8BB1052E9A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{931E3747-D09E-4D5C-96D8-66362F65E19E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{96608273-6567-470E-8334-AE866DC58225}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{988C75EC-8307-40F5-A723-49C82E5DACE5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B142DBC6-3045-4C7A-901D-D8471D53C5A2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B47556B6-EDAD-428B-B978-337ED4111EAC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C5C5EBEA-1F4E-431A-8D30-BCFE421E7529}" = protocol=6 | dir=out | app=system | 
"{D2743853-B485-41C3-9217-446A21FD8ADE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD7EFA88-07A7-4842-9094-4AB50CD9864D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E32EF4B9-4BB8-4BC3-A7A4-F5DFDB9613D5}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"{EA37FA41-B14B-44DD-966D-CF5B3C039638}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0401C0DD-64D6-4CDA-97A8-B42EB86BC83D}D:\acumedic-stuff\webdez\virtualserver\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\acumedic-stuff\webdez\virtualserver\xampplite\mysql\bin\mysqld.exe | 
"TCP Query User{07DD25EB-09B8-4662-ADE9-DAA243C831EA}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{08DC33E1-8001-4E3D-B356-8D6678C532A2}C:\program files (x86)\windows mobile 6 sdk\tools\cellular emulator\cellular emulator.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows mobile 6 sdk\tools\cellular emulator\cellular emulator.exe | 
"TCP Query User{0B037C1A-9023-42A3-A047-5972AD843695}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{0BDCD33A-6DCF-40A1-BA4F-2ACC5C9502C3}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{128C4C64-227F-4705-8614-3CEDE8A36D19}E:\soulseekns\slsk.exe" = protocol=6 | dir=in | app=e:\soulseekns\slsk.exe | 
"TCP Query User{16F54188-D4A8-47AC-8E09-675D77C79DFF}D:\programs\winscp\winscp\winscp.exe" = protocol=6 | dir=in | app=d:\programs\winscp\winscp\winscp.exe | 
"TCP Query User{2BAF9B1B-107C-4F0D-BFE2-2F2F322DFF53}D:\programs\adobe-cs5\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=d:\programs\adobe-cs5\adobe dreamweaver cs5\dreamweaver.exe | 
"TCP Query User{2C63D4B1-664B-4D3E-A2D7-205E145CB789}D:\acumedic-stuff\webdez\virtualserver\xampplite\apache\bin\apache.exe" = protocol=6 | dir=in | app=d:\acumedic-stuff\webdez\virtualserver\xampplite\apache\bin\apache.exe | 
"TCP Query User{3C510D8B-EC57-4A28-BF12-FDA103CC4CBB}D:\programs\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\programs\vlc\vlc.exe | 
"TCP Query User{3CAC5C1A-549C-417E-8771-79162F9AA1A2}C:\users\matt work\appdata\local\temp\g2_626\g2viewer.exe" = protocol=6 | dir=in | app=c:\users\matt work\appdata\local\temp\g2_626\g2viewer.exe | 
"TCP Query User{44622E5E-D939-4F5F-9433-0C07274F965A}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"TCP Query User{452A8489-C15A-4A34-87CD-DFB5C59FE901}E:\mirc\xdcc-browser\mirc.exe" = protocol=6 | dir=in | app=e:\mirc\xdcc-browser\mirc.exe | 
"TCP Query User{75F3AAD5-F821-4F44-AC02-87C61E4D43E6}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{7BC74130-0CDC-4CBF-A520-D069E12D923D}C:\program files (x86)\printershare\paconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\printershare\paconsole.exe | 
"TCP Query User{8362C76E-48C3-4418-B579-7A3D506A1CFF}C:\users\matt work\appdata\roaming\zyuq\kurox.exe" = protocol=6 | dir=in | app=c:\users\matt work\appdata\roaming\zyuq\kurox.exe | 
"TCP Query User{96A05BFE-DCB4-4C20-A5FA-F1B0EEE6801A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{A0DDB92A-DA45-48A0-B936-45DEC768A62D}D:\programs\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programs\sopcast\sopcast.exe | 
"TCP Query User{A106DDC1-49CA-4107-85D5-3E111A9BCC72}C:\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\apache\bin\httpd.exe | 
"TCP Query User{A92F4C02-5674-4160-B58D-57CCF2BC86CF}I:\mirc\mirc.exe" = protocol=6 | dir=in | app=i:\mirc\mirc.exe | 
"TCP Query User{B7585519-EAB2-4F86-9082-B8AD90274353}I:\xdcc browser\mirc.exe" = protocol=6 | dir=in | app=i:\xdcc browser\mirc.exe | 
"TCP Query User{C32478BB-4573-4DBA-9A4F-0B8E5726E134}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{D7614167-0935-4655-AFE5-FC6570EBE6A8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{D7DD9F96-C7B0-41D3-B3F5-9843CD4B1013}D:\programs\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programs\sopcast\adv\sopadver.exe | 
"TCP Query User{D911E6C9-0DB8-4A70-A3B9-62EA77472408}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{DE4EAA33-DC12-4D98-AF76-A279D67BD71D}I:\mirc\mirc.exe" = protocol=6 | dir=in | app=i:\mirc\mirc.exe | 
"TCP Query User{E56AB7A7-5DA8-4A68-8B77-30AF1042F0CA}D:\acumedic-stuff\webdez\virtualserver\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\acumedic-stuff\webdez\virtualserver\xampplite\mysql\bin\mysqld.exe | 
"TCP Query User{EC704C10-5367-40C3-9C05-1CAB826AEDE0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{00C2AB69-F08D-49BC-A5E0-94E8B1C0054B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{0F70C418-2EA5-4716-8617-11201E0F5D29}I:\xdcc browser\mirc.exe" = protocol=17 | dir=in | app=i:\xdcc browser\mirc.exe | 
"UDP Query User{10E3CA0D-2B63-48BA-A402-2DC401C4A4B1}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{1FE270CA-6869-42BA-93D8-1DEB56F94F54}D:\acumedic-stuff\webdez\virtualserver\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\acumedic-stuff\webdez\virtualserver\xampplite\mysql\bin\mysqld.exe | 
"UDP Query User{21A4D2E9-D10F-4B8A-BCD8-7AD400CFE863}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"UDP Query User{2C68F140-A34F-491B-A0E0-47FD91C78D4D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{33AC54FD-4C18-4A13-8507-6F74D89FCF83}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{48C8C94D-CFE9-4F83-AD57-A24BC861A0F7}D:\programs\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\programs\vlc\vlc.exe | 
"UDP Query User{4AE3C2F9-6BCE-4A15-BFC3-05B2D272AB8B}D:\acumedic-stuff\webdez\virtualserver\xampplite\apache\bin\apache.exe" = protocol=17 | dir=in | app=d:\acumedic-stuff\webdez\virtualserver\xampplite\apache\bin\apache.exe | 
"UDP Query User{573BCD5D-4B2E-4BCD-A0F1-55AF59F57AD3}E:\mirc\xdcc-browser\mirc.exe" = protocol=17 | dir=in | app=e:\mirc\xdcc-browser\mirc.exe | 
"UDP Query User{5AED95D4-2669-49FB-A711-91D8BAF45342}C:\program files (x86)\printershare\paconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\printershare\paconsole.exe | 
"UDP Query User{5EDFB8AB-2367-4C3C-8F50-8C3A0AD550F4}D:\programs\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programs\sopcast\adv\sopadver.exe | 
"UDP Query User{6E521E74-0847-489A-B795-C072013D5FCA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{71C0ACF1-E16F-4C65-9FCB-29D41659B3E6}I:\mirc\mirc.exe" = protocol=17 | dir=in | app=i:\mirc\mirc.exe | 
"UDP Query User{7A8E72D7-1366-4CB5-B0AC-89974B791A12}C:\program files (x86)\windows mobile 6 sdk\tools\cellular emulator\cellular emulator.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows mobile 6 sdk\tools\cellular emulator\cellular emulator.exe | 
"UDP Query User{7AA75F02-7BC3-4357-8D21-D7451338B5A5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{8457022C-0CAD-4535-A284-45512F4F81FA}D:\acumedic-stuff\webdez\virtualserver\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\acumedic-stuff\webdez\virtualserver\xampplite\mysql\bin\mysqld.exe | 
"UDP Query User{8CB2C27C-9842-4B3F-BA00-7F5FEC596AA0}E:\soulseekns\slsk.exe" = protocol=17 | dir=in | app=e:\soulseekns\slsk.exe | 
"UDP Query User{95FDE326-24A1-4610-B559-919D65C861E2}C:\users\matt work\appdata\roaming\zyuq\kurox.exe" = protocol=17 | dir=in | app=c:\users\matt work\appdata\roaming\zyuq\kurox.exe | 
"UDP Query User{96A2934A-F386-4D45-96CF-3E8C4AC68566}D:\programs\adobe-cs5\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=d:\programs\adobe-cs5\adobe dreamweaver cs5\dreamweaver.exe | 
"UDP Query User{9BE96DB8-D9B4-4D6A-9D6A-5E05FC9BAE01}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{9F778593-391D-4613-A869-7FCE963ACE1F}C:\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\apache\bin\httpd.exe | 
"UDP Query User{A1630A0A-A071-42E6-A451-0C75AECD78D2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{A58771CD-0644-407A-99FB-C82E859A7000}D:\programs\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programs\sopcast\sopcast.exe | 
"UDP Query User{D0CA646A-3367-42E8-90B9-738121938D45}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{DA443C9B-9BB7-4467-8CBB-B74A73C20002}D:\programs\winscp\winscp\winscp.exe" = protocol=17 | dir=in | app=d:\programs\winscp\winscp\winscp.exe | 
"UDP Query User{E817B68A-3B6B-4528-B422-154E5AC31B96}I:\mirc\mirc.exe" = protocol=17 | dir=in | app=i:\mirc\mirc.exe | 
"UDP Query User{EA9D4473-8155-4BA2-88B2-F8503A4BBAF6}C:\users\matt work\appdata\local\temp\g2_626\g2viewer.exe" = protocol=17 | dir=in | app=c:\users\matt work\appdata\local\temp\g2_626\g2viewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Protector Suite 2009.3
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4E2D1823-C889-4CA9-9BB2-08E962A5E735}" = MySQL Server 5.5
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1319
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A3A9522-EFA2-4C56-9138-101692C2A130}" = System Requirements Lab
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys Logic PC Camera Device
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.17
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{902BC78E-9FE8-47DA-8741-3EEE616D22C1}" = PHP 5.3.5
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE4CA5AF-4A55-418C-8CB8-74435814207B}" = LogMeIn
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android SDK Tools" = Android SDK Tools
"AutoItv3" = AutoIt v3.3.6.1
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"iecollection_is1" = Utilu IE Collection 1.7.2.1
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF To JPG_is1" = PDF To JPG 2.0
"SkypeMate" = SkypeMate
"SopCast" = SopCast 3.4.0
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"SQLyog" = SQLyog 8.55 
"VLC media player" = VLC media player 1.1.4
"winscp3_is1" = WinSCP 4.2.9
"XDCC Browser 4.52" = XDCC Browser 4.52
"xvid" = Xvid MPEG-4 Video Codec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29/11/2012 04:38:29 | Computer Name = MattWork-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 14.0.6126.5003 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 10f8    Start
 Time: 01cdcdc216a516c9    Termination Time: 266    Application Path: D:\Programs\Microsoft
 Office\Office14\OUTLOOK.EXE    Report Id:   
 
Error - 29/11/2012 04:40:35 | Computer Name = MattWork-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 17.0.0.4706 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 15e0    Start
 Time: 01cdcdc273290f77    Termination Time: 232    Application Path: C:\Program Files (x86)\Mozilla
 Firefox\firefox.exe    Report Id: 3def091f-3a00-11e2-a626-001bfc140a0c  
 
Error - 29/11/2012 04:42:21 | Computer Name = MattWork-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 17.0.0.4706 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 15dc    Start
 Time: 01cdce0d393a1359    Termination Time: 80    Application Path: C:\Program Files (x86)\Mozilla
 Firefox\firefox.exe    Report Id: af62176c-3a00-11e2-a626-001bfc140a0c  
 
Error - 29/11/2012 09:19:43 | Computer Name = MattWork-PC | Source = CommuniGatePro | ID = 100
Description = SYSTEM Interrupt signal 2 has been received  
 
Error - 01/12/2012 10:00:24 | Computer Name = MattWork-PC | Source = CommuniGatePro | ID = 100
Description = SYSTEM CPU overloaded: main thread missed 7 seconds  
 
[ System Events ]
Error - 28/11/2012 19:39:46 | Computer Name = MattWork-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\Haspnt.sys has been blocked from loading
 due to incompatibility with this system. Please contact your software vendor for
 a compatible version of the driver.
 
Error - 28/11/2012 19:39:46 | Computer Name = MattWork-PC | Source = Service Control Manager | ID = 7000
Description = The Haspnt service failed to start due to the following error:   %%1275
 
Error - 28/11/2012 19:39:51 | Computer Name = MattWork-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\hardlock.sys has been blocked from
 loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 28/11/2012 19:39:51 | Computer Name = MattWork-PC | Source = Service Control Manager | ID = 7000
Description = The Hardlock service failed to start due to the following error:   %%1275
 
Error - 28/11/2012 20:57:19 | Computer Name = MattWork-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 29/11/2012 19:16:30 | Computer Name = MattWork-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\Haspnt.sys has been blocked from loading
 due to incompatibility with this system. Please contact your software vendor for
 a compatible version of the driver.
 
Error - 29/11/2012 19:16:30 | Computer Name = MattWork-PC | Source = Service Control Manager | ID = 7000
Description = The Haspnt service failed to start due to the following error:   %%1275
 
Error - 29/11/2012 19:16:34 | Computer Name = MattWork-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\hardlock.sys has been blocked from
 loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 29/11/2012 19:16:34 | Computer Name = MattWork-PC | Source = Service Control Manager | ID = 7000
Description = The Hardlock service failed to start due to the following error:   %%1275
 
Error - 01/12/2012 10:01:17 | Computer Name = MattWork-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
 
< End of report >


Edited by damanic, 03 December 2012 - 03:59 AM.


#15 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,595 posts
  • OFFLINE
  • Gender:Male
  • Location:Bavaria
  • Local time:11:18 PM

Posted 03 December 2012 - 08:48 AM

Hi,

how is your computer running at the moment?
Do you still recognize problems that might be malware related?

Step 1
Going over your logs I noticed that you have Vuze installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you as you can use the program for legit downloads as well. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
Step 2
We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    [2011/09/27 09:41:02 | 000,000,336 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    
    :commands
    [emptytemp]
    
  • Push Run Fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • You can find the report under C:\_OTL\MovedFiles\<time_date>.txt as well.
What you should post with your next answer:
  • an answer to my questions,
  • the logfile from OTL.

Regards,
M-K-D-B
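Added example, not part of this thread and not OTL's own code: a small Python parser for the OTL file-entry syntax used in the Step 2 fix script, plus a pre-deletion evidence record. OTL prints each file as `[date time | size | attribute flags | C or M] (company) -- path`, where the trailing letter says whether the timestamp is the creation (C) or modification (M) time, the size is comma-grouped bytes and the parentheses hold the version-info company name (empty here, which is itself a weak hint that the file carries no vendor resource). Hashing the file before the fix removes it lets you identify the sample later if MSE keeps re-detecting Medfos. The in-memory "disk" and the 336 zero bytes are constructed placeholders, not the real dropper.

```python
"""Parse OTL fix-script file entries and record evidence before deletion.

Added example; the entry syntax follows the line quoted in the fix script:
    [2011/09/27 09:41:02 | 000,000,336 | ---- | C] () -- C:\\ProgramData\\1kAlMiG2Kb7FzP
FAKE_DISK below is a constructed stand-in for the real filesystem.
"""
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# [date time | size | attribute flags | C=created / M=modified] (company) -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class OtlEntry:
    timestamp: datetime
    size: int          # bytes, comma grouping removed
    attrs: str         # four attribute flag characters, '----' means none set
    kind: str          # 'C': timestamp is creation time, 'M': modification time
    company: str       # version-info company name; empty when the file has none
    path: str


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Return the structured entry, or None if the line is not an OTL file entry."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def parse_fix_script(script: str) -> List[OtlEntry]:
    """Collect the file entries listed under the ':OTL' section of a fix script.
    Lines in other sections (e.g. ':commands' with [emptytemp]) are ignored."""
    entries: List[OtlEntry] = []
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()
            continue
        if section == ":otl":
            entry = parse_entry(line)
            if entry is not None:
                entries.append(entry)
    return entries


def evidence_record(entry: OtlEntry, filesystem: Dict[str, bytes]) -> dict:
    """Hash and size-check the file before it is deleted, so the sample can be
    identified later. `filesystem` maps path -> content and stands in for disk."""
    data = filesystem.get(entry.path)
    if data is None:
        return {"path": entry.path, "present": False}
    return {
        "path": entry.path,
        "present": True,
        "size_matches_log": len(data) == entry.size,
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# Constructed demo input: the Step 2 fix script and a fake 336-byte file.
FIX_SCRIPT = """:OTL
[2011/09/27 09:41:02 | 000,000,336 | ---- | C] () -- C:\\ProgramData\\1kAlMiG2Kb7FzP

:commands
[emptytemp]
"""
# Placeholder bytes only; this is NOT the content of the real file.
FAKE_DISK = {"C:\\ProgramData\\1kAlMiG2Kb7FzP": b"\x00" * 336}


if __name__ == "__main__":
    for e in parse_fix_script(FIX_SCRIPT):
        print(e)
        print(evidence_record(e, FAKE_DISK))
```

A size mismatch between the log and the live file is worth noting before running the fix: it means the file changed after OTL scanned it, which for a re-dropped Medfos component points at a still-active process or scheduled task rather than a leftover.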



