I clicked on a link [Solved]



#1
FUState

  • Member
  • 214 posts
I was foolish... and clicked on the link below. I am posting the link because I'm sure it is the reason why my PC keeps crashing. Perhaps one of you has the smarts to know what this link does without it affecting your pc...

*** Do not click on it ***
hxxp://www.sendspace.com/pro/dl/x0r8nu
*** Do not click on it ***

Please help, I'm an idiot for clicking on this, I receive so many links from friends, this one just actually looked like it was legitimate :/

If it is not the reason, my description of what is happening.

Basically Internet Explorer runs crappy (some would argue this is normal) ;)
I am now running Safari to post this as I cannot go far in Internet Explorer before it... then my PC freezes.

Edited by maser00, 13 October 2012 - 11:50 AM.
Made link unclickable

#2
Aaron

  • Expert
  • 3,155 posts
Welcome to Geeks to Go ;)!
My name is Aaron and I will be helping you with your computer problem(s).

A few things:
  • Please post all the requested logs directly in your reply, do not attach or put them in Quote/Code boxes unless asked to.
  • Advanced malware isn't correctly removed in a few minutes; it will take some time to analyse your system, remove the malware and analyse your system again for leftovers.
  • If you have any questions, don't hesitate to ask!

It is possible to get infected by files posted on Sendspace; this file, however, seems to be deleted. Nevertheless, let's check your PC.

Please download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows and programs are closed to let it run uninterrupted.
  • Select All Users.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the content of OTL.Txt and paste it in your next post. Do the same for Extras.Txt.

- Maser00

#3
FUState

  • Topic Starter
  • Member
  • 214 posts
Thanks for the rapid response!!!

OTL ***


OTL logfile created on: 13/10/2012 11:59:51 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Henry\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.98 Gb Total Physical Memory | 14.01 Gb Available Physical Memory | 87.66% Memory free
31.97 Gb Paging File | 29.86 Gb Available in Paging File | 93.41% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = G:\Program Files (x86)
Drive C: | 28.03 Gb Total Space | 1.80 Gb Free Space | 6.41% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 131.21 Gb Free Space | 28.17% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 226.80 Gb Free Space | 97.39% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 773.61 Gb Free Space | 83.05% Space Free | Partition Type: NTFS
Drive J: | 5.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HENRY-PC | User Name: Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/13 11:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.com
PRC - [2012/09/22 16:34:24 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/08/30 13:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/29 14:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/07/27 14:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- G:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/07/11 15:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- G:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- G:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/08/25 00:00:00 | 000,095,560 | ---- | M] (Sage) -- C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
PRC - [2010/08/25 00:00:00 | 000,020,808 | ---- | M] (Sage) -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2009/02/24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/06/13 11:35:23 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/13 11:35:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 11:34:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/30 08:29:31 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/05/10 17:18:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 17:17:51 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 17:17:42 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/22 14:22:47 | 000,062,792 | ---- | M] () -- C:\Windows\assembly\GAC_32\Simply.ConnectionManagerService\15.0.0.1__bfd98eaca3f932d5\Simply.ConnectionManagerService.dll
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- G:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- G:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- G:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- G:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- G:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/08 15:47:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/08/30 13:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- G:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/25 00:00:00 | 000,020,808 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/07 03:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/03/07 03:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/01/13 05:58:00 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/09/22 16:34:44 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/08/09 11:13:31 | 000,397,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys -- (RapportCerberus_42020)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 2F 52 26 04 61 CC 01 [binary data]
IE - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.6
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: G:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: G:\Programs\MSOFFI~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: G:\Programs\MSOFFI~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: H:\My Documents\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/22 12:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: G:\Program Files (x86)\Mozilla Firefox\components [2012/05/21 12:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: G:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/06 14:34:39 | 000,000,000 | ---D | M] (No name found) -- H:\My Documents\AppData\Roaming\Mozilla\Extensions
[2012/03/15 20:43:20 | 000,000,000 | ---D | M] (No name found) -- H:\My Documents\AppData\Roaming\Mozilla\Firefox\Profiles\dc9f4ma7.default\extensions
[2012/03/15 20:43:20 | 000,000,000 | ---D | M] (No name found) -- H:\My Documents\AppData\Roaming\Mozilla\Firefox\Profiles\dc9f4ma7.default\extensions\staged
[2011/12/17 20:43:35 | 000,345,279 | ---- | M] () (No name found) -- H:\My Documents\AppData\Roaming\Mozilla\Firefox\Profiles\dc9f4ma7.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/03/15 20:43:19 | 000,341,921 | ---- | M] () (No name found) -- H:\My Documents\AppData\Roaming\Mozilla\Firefox\Profiles\dc9f4ma7.default\extensions\staged\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/02/08 12:24:52 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/08 12:24:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- G:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/22 12:57:42 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- G:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/09/29 00:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- G:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- G:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/09/10 13:12:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - G:\Programs\MS Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] G:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] G:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] G:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ConnectionManager] C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LWS] G:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [WinampAgent] G:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000..\Run: [Adobe Acrobat Synchronizer] G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000..\Run: [Facebook Update] H:\My Documents\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1001..\Run: [Sidebar] G:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1586509834-1888703833-2248947157-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - G:\Programs\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - G:\Programs\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Programs\MS Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - G:\Programs\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Programs\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Programs\MS Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Programs\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Programs\MS Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A938B65-CCE2-4247-9C10-B8979856F4E8}: DhcpNameServer = 70.28.245.255 204.101.237.136
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{628E845E-EAEA-44F9-A283-2CF315F86F06}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/01 23:37:01 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/13 11:57:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.com
[2012/10/09 16:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2012/09/20 10:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/09/20 10:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/20 10:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/14 18:49:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/14 11:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/09/14 11:55:28 | 000,000,000 | ---D | C] -- C:\temp
[2012/09/13 14:25:08 | 000,000,000 | ---D | C] -- C:\Users\Henry\Desktop\mflpro
[1 C:\Users\Henry\Desktop\*.tmp files -> C:\Users\Henry\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/13 11:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Henry\Desktop\OTL.com
[2012/10/13 11:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/13 11:46:22 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 11:46:22 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 11:43:35 | 000,782,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/13 11:43:35 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/13 11:43:35 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/13 11:39:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 15:10:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1586509834-1888703833-2248947157-1000UA.job
[2012/10/12 15:10:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1586509834-1888703833-2248947157-1000Core.job
[2012/10/04 14:22:09 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/10/02 17:18:34 | 000,001,547 | ---- | M] () -- C:\Users\Henry\Desktop\Windows Media Player.lnk
[2012/09/26 18:06:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2012/09/20 10:15:16 | 000,001,548 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/13 14:26:53 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD7840W.DAT
[2012/09/13 14:26:39 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bd7840w.dat
[1 C:\Users\Henry\Desktop\*.tmp files -> C:\Users\Henry\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/02 17:18:34 | 000,001,547 | ---- | C] () -- C:\Users\Henry\Desktop\Windows Media Player.lnk
[2012/09/20 10:15:16 | 000,001,548 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/02 13:08:31 | 000,000,056 | ---- | C] () -- C:\Windows\ArcPad.INI
[2011/11/29 18:27:35 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2011/08/29 19:25:15 | 005,833,446 | ---- | C] () -- H:\My Documents\AppData\Local\Temp11-08-10 Bernie Car Police Report.jpg
[2011/08/29 16:27:12 | 000,007,631 | ---- | C] () -- H:\My Documents\AppData\Local\Resmon.ResmonCfg
[2011/08/29 12:09:28 | 000,000,334 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/08/29 12:09:28 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/08/29 12:09:07 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/08/26 14:33:51 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/26 14:29:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/08/26 14:29:12 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/08/22 14:23:13 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/08/22 13:28:07 | 000,791,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/19 21:10:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/08/19 21:05:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



< End of report >

Extras ***


OTL Extras logfile created on: 13/10/2012 11:59:51 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Henry\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.98 Gb Total Physical Memory | 14.01 Gb Available Physical Memory | 87.66% Memory free
31.97 Gb Paging File | 29.86 Gb Available in Paging File | 93.41% Paging File free
Paging file location(s): e:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = G:\Program Files (x86)
Drive C: | 28.03 Gb Total Space | 1.80 Gb Free Space | 6.41% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 131.21 Gb Free Space | 28.17% Space Free | Partition Type: NTFS
Drive G: | 232.88 Gb Total Space | 226.80 Gb Free Space | 97.39% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 773.61 Gb Free Space | 83.05% Space Free | Partition Type: NTFS
Drive J: | 5.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HENRY-PC | User Name: Henry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "G:\Programs\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "G:\Programs\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "G:\Programs\MS Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "G:\Programs\MS Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8E5E79-37F3-4D46-ABD8-ACEAFBC2E907}" = lport=445 | protocol=6 | dir=in | app=system |
"{0E46FBC0-688F-43D5-B88F-FF2920F4BA1B}" = rport=13531 | protocol=6 | dir=out | name=tcp simply outbound |
"{1001C483-3BFC-4F87-9802-F801398E5851}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CE170C2-94AA-4B19-A3D5-88772DE92E22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2EAAF497-E1EC-4DD9-993F-DE246223DB1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31B65C4B-909F-48FC-8A96-544B5703B313}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{34A0C5CF-F3B1-4708-B430-0DFB6E78D94C}" = lport=139 | protocol=6 | dir=in | app=system |
"{436E2468-7B37-4D96-9968-39455098A934}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{539AD52D-69CD-444A-B644-D87C19B97B4F}" = lport=138 | protocol=17 | dir=in | app=system |
"{53DFDDD3-F2AF-4D77-B29B-32296C39C467}" = lport=137 | protocol=17 | dir=in | app=system |
"{62C4ACA9-1276-4A57-9A0A-59BE68B3BBBA}" = rport=13531 | protocol=17 | dir=out | name=udp simply outbound |
"{630C9B6A-5EDA-4534-9A8C-14090FD0FDC3}" = rport=138 | protocol=17 | dir=out | app=system |
"{6420EE3B-7FA5-49BA-8245-354A1C0195D9}" = rport=139 | protocol=6 | dir=out | app=system |
"{69ED2E5B-D944-45CB-898E-1D8DBFC9DB5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{729B9098-176D-4A80-A929-D92C10204458}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72F838B8-93AE-4675-A518-8505BA831951}" = lport=6004 | protocol=17 | dir=in | app=g:\programs\ms office\office14\outlook.exe |
"{7A70FE87-6CF3-4657-901E-90452DB99A12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{879349DE-72E3-48BA-A0DC-306ED2D2EDD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{983D3286-CC60-42B4-B5A6-42B36891C709}" = rport=137 | protocol=17 | dir=out | app=system |
"{A372E97B-CCB3-4F7D-A32D-55E780DAE840}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AAADAE5E-D490-49CF-B0FD-AF3531A2C86E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B9100887-B335-426A-BE07-F3578942A19D}" = rport=445 | protocol=6 | dir=out | app=system |
"{C571D476-3B7C-4A85-B30F-8081B06C2BC0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D16ED922-F56A-4005-A8C0-74ECA58B1225}" = lport=13531 | protocol=17 | dir=in | name=udp simply inbound |
"{D710C443-D56E-4E8D-AB93-135B61D9C0CD}" = lport=13531 | protocol=6 | dir=in | name=tcp simply inbound port |
"{DC18B0EE-7948-4628-AA33-DF500E12E5BF}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{EF0D86A7-CE0E-466E-8042-D2D7953DDB97}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FA410880-DD96-4844-BEF0-3E49E5EA803E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E6064B-D40E-4674-9C23-7C4347CDA3A4}" = protocol=6 | dir=in | app=c:\program files (x86)\winsim\transactionmanager2011 - cdn\sage_sa.transactionmanager.exe |
"{06E989F1-69AF-4EBF-8AE6-95F7318C4C24}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{08F7533D-C137-4180-A90B-67122AE89D5F}" = protocol=17 | dir=in | app=g:\programs\simply accounting\simplyurl.exe |
"{0F4263F0-DAF1-4897-AC73-76DEF4A99947}" = protocol=6 | dir=in | app=g:\programs\simply accounting\conversion\simconv160\sage_sa_conv160.exe |
"{0F62523A-40AD-42FC-A606-F309C57BBC47}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{11713E9C-004A-4D47-8C4E-8C8028C28C5B}" = protocol=17 | dir=in | app=g:\programs\simply accounting\conversion\simconv160\sage_sa_conv160.exe |
"{15FF1E3D-D0D6-4907-9510-361D7F927BDA}" = protocol=17 | dir=in | app=c:\program files (x86)\winsim\connectionmanager\simply.systemtrayicon.exe |
"{192229EC-0866-4B61-9A70-58674438F6F2}" = protocol=17 | dir=in | app=c:\program files (x86)\winsim\connectionmanager\mysqlbinary\5.0.38\mysql\mysqld-nt.exe |
"{1EA576CC-AB44-4664-8B1F-07225AB496CC}" = protocol=6 | dir=in | app=g:\programs\simply accounting\simplyurl.exe |
"{25CC4926-D674-4CD4-B5A1-FB3F0FE6A83D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2790B64E-7270-4A3F-951D-A6E23A305378}" = protocol=17 | dir=in | app=c:\program files (x86)\winsim\connectionmanager\mysqlbinary\5.0.38\mysql\mysqladmin.exe |
"{2F62E21E-CB6F-4704-A206-FCB2290D9DF0}" = protocol=17 | dir=in | app=g:\programs\simply accounting\logsubmitter\sage_sa_errorlogsubmitter.exe |
"{391DCC46-8CE6-4A58-86DE-702EFE3D0D8E}" = protocol=6 | dir=in | app=g:\programs\simply accounting\dbverifier\sage_sa_dbverifier.exe |
"{4DB40349-BBF7-4AC2-8FB6-73ECC0F75947}" = protocol=6 | dir=in | app=g:\programs\ms office\office14\onenote.exe |
"{4E66406D-1EF5-452C-9069-F801822342DC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{51D9F7F2-0011-4DB4-9317-274709409E1F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5317C1EC-E634-41FC-B603-F1AFBF75438A}" = protocol=6 | dir=in | app=g:\programs\simply accounting\conversion\simconv170\sage_sa_conv170.exe |
"{53A5D5A5-0B91-42F4-8CFC-1E23B4685DE8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5ECA825B-E92B-427D-89C3-C45C48262A99}" = protocol=6 | dir=in | app=g:\programs\simply accounting\conversion\upgradejet\sage_sa_upgradejet.exe |
"{6A773C8D-79B3-40AA-949A-7C673EE433E4}" = dir=in | app=g:\programs\itunes\itunes.exe |
"{6B204192-51F8-473C-999A-CD47CA21CF3A}" = protocol=6 | dir=in | app=c:\program files (x86)\winsim\connectionmanager\simplyconnectionmanager.exe |
"{76C1415F-498A-47B5-95DF-56A3C45269FE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7AE9519D-E136-4020-9F1B-3DE559589F2C}" = protocol=6 | dir=in | app=g:\programs\simply accounting\sage_sa_policy.exe |
"{835C3AEE-5959-417D-AA3F-D889CDB37EB5}" = protocol=17 | dir=in | app=g:\programs\simply accounting\simplyaccounting.exe |
"{89E8E849-EA67-4591-98E5-9F0DB8145348}" = protocol=6 | dir=in | app=g:\programs\simply accounting\sage_sa_upload.exe |
"{8C40DCCF-E215-4EDD-9D31-A2BA95B1CB71}" = protocol=17 | dir=in | app=g:\programs\simply accounting\conversion\upgradejet\sage_sa_upgradejet.exe |
"{916E3DDD-3A5F-4E42-9377-308E6ED2ECC8}" = protocol=17 | dir=in | app=g:\programs\ms office\office14\onenote.exe |
"{91B23EC8-47C1-4CAE-923C-DDD086A45EE4}" = protocol=6 | dir=in | app=c:\program files (x86)\winsim\connectionmanager\simply.systemtrayicon.exe |
"{9976BA80-E31F-492D-BEDC-9810B486C0BF}" = protocol=6 | dir=in | app=c:\program files (x86)\winsim\connectionmanager\mysqlbinary\5.0.38\mysql\mysqladmin.exe |
"{A8C16A0C-BFA0-41A8-94A5-6F804ABD4CC8}" = protocol=17 | dir=in | app=g:\programs\simply accounting\dbverifier\sage_sa_dbverifier.exe |
"{A9B155B5-E83A-4BE0-886A-99C6D2D3401A}" = protocol=17 | dir=in | app=g:\programs\simply accounting\sage_sa_upload.exe |
"{AAFB7796-9B21-4BAD-9CB6-4A6E8BD09BE4}" = protocol=6 | dir=in | app=g:\programs\simply accounting\tst\sage_sa_tst.exe |
"{AC572DF7-C363-43EC-8C2D-80E80A6F4FFB}" = protocol=17 | dir=in | app=g:\programs\simply accounting\conversion\simconv170\sage_sa_conv170.exe |
"{B1196220-A89C-4B1D-82C0-3D5CEA1CC2B7}" = protocol=6 | dir=in | app=g:\programs\simply accounting\conversion\simconv180\sage_sa_conv180.exe |
"{BE3104C4-6BEA-4609-91D8-29F5B8C8B239}" = protocol=17 | dir=in | app=g:\program files\bonjour\mdnsresponder.exe |
"{C04E3990-A13E-4E51-BC0E-B6339FD41D00}" = protocol=17 | dir=in | app=c:\program files (x86)\winsim\connectionmanager\simplyconnectionmanager.exe |
"{C0F30314-283A-4197-83CF-2BFD5DD47B7A}" = protocol=17 | dir=in | app=g:\programs\simply accounting\conversion\simconv150\sage_sa_conv150.exe |
"{C31C8E6B-AB85-44CB-B5B2-D28D9D4E425F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C62E2F4A-EC8E-4A8E-ADCE-78F859CBA9D4}" = protocol=6 | dir=in | app=g:\programs\simply accounting\conversion\simconv150\sage_sa_conv150.exe |
"{CC57E699-29F9-4667-9927-6F5657B0F6FF}" = dir=in | app=h:\my documents\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DA0D841F-8B9C-4BFB-9488-5D78976951E4}" = protocol=17 | dir=in | app=g:\programs\simply accounting\conversion\simconv180\sage_sa_conv180.exe |
"{DF9D6EA1-EF6E-4EC1-A1A1-69279BAE8540}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DFD2C4A0-3A31-43C6-8A44-441FD3E7B0F5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E0973587-6EBB-4B00-AC0D-944E1A29B42C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E21CB23B-A682-47BF-8379-BCAA09CD51C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E27BB15D-9409-47B5-AA27-9C8CDA75376E}" = protocol=17 | dir=in | app=c:\program files (x86)\winsim\transactionmanager2011 - cdn\sage_sa.transactionmanager.exe |
"{E2B0529D-2B02-4C05-A173-8038A765E56C}" = protocol=6 | dir=in | app=g:\programs\simply accounting\logsubmitter\sage_sa_errorlogsubmitter.exe |
"{E56B08E2-24FC-42AB-A4E7-7D88D05CCD03}" = protocol=6 | dir=in | app=g:\programs\simply accounting\simplyaccounting.exe |
"{E6745CAB-7430-431D-8431-F66C083B7535}" = protocol=17 | dir=in | app=g:\programs\simply accounting\tst\sage_sa_tst.exe |
"{E894DDAF-65B8-4082-9900-598C8C21EEAD}" = protocol=6 | dir=in | app=c:\program files (x86)\winsim\connectionmanager\mysqlbinary\5.0.38\mysql\mysqld-nt.exe |
"{ED1CDAD1-AB84-450F-96FC-48ED0394D536}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF377DCD-51DC-45BE-949C-8C396F8CEC82}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F7DE97FD-E8F3-4A21-BE3F-24DD3F5DC619}" = protocol=17 | dir=in | app=g:\programs\simply accounting\sage_sa_policy.exe |
"{FAC3E2D4-BC11-4213-85BB-A13ECDA6FEFD}" = protocol=6 | dir=in | app=g:\program files\bonjour\mdnsresponder.exe |
"{FC04E5E6-2776-43B4-B441-B799602AC251}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{227DE79F-2FF6-46F5-AF4C-3DB683D02B37}G:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=g:\program files (x86)\winamp\winamp.exe |
"TCP Query User{CE370BAB-362E-4767-81EE-57892B592BC6}G:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=g:\program files (x86)\winamp\winamp.exe |
"TCP Query User{E256F112-DC95-45E1-8C7C-CFB767E365F4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{5D428916-A6C3-49B8-BC18-F3D08BFA9B5B}G:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=g:\program files (x86)\winamp\winamp.exe |
"UDP Query User{A79FDD3F-4434-4FAD-9D7D-24ED375C2F34}G:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=g:\program files (x86)\winamp\winamp.exe |
"UDP Query User{ABC39313-1BEE-43C3-A7FF-88208B016EB4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{29917C5E-C8DA-48E6-B20D-03AD7FC155E5}" = Sage Simply Accounting 2011
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W
"{53AB83B3-9908-44DF-97B5-C107140F26AD}" = Sage Simply Accounting 2011
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A760067A-C07E-1033-0000-A764AC000005}" = Avery Template
"{AB5AEAEB-0F29-422B-A172-ACE1A9011AD3}" = The Logger's Edge 4.7.15.0
"{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBC88A6A-2C84-4F08-9CFD-C6AC6B43BEC3}" = Sage Simply Accounting 2011
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
"{FBACE6AE-C7C8-4C74-8418-A19F69F002AD}" = EFT Direct for Sage Simply Accounting 2011
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ESRI ArcPad 7.1" = ESRI ArcPad 7.1
"InstallShield_{53AB83B3-9908-44DF-97B5-C107140F26AD}" = Sage Simply Accounting 2011
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Rapport_msi" = Rapport
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1586509834-1888703833-2248947157-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2f8d25aeed0b3ae4" = Sage Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2012 6:07:16 PM | Computer Name = Henry-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1b7c Start
Time: 01cda8c5cf3b350a Termination Time: 67 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 12/10/2012 6:10:11 PM | Computer Name = Henry-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 199c Start
Time: 01cda8c63f3d7c36 Termination Time: 27 Application Path: G:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 13/10/2012 12:57:19 PM | Computer Name = Henry-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/10/2012 1:08:28 PM | Computer Name = Henry-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1560 Start
Time: 01cda9640d88699b Termination Time: 64 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 13/10/2012 1:17:50 PM | Computer Name = Henry-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/10/2012 1:18:38 PM | Computer Name = Henry-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()
failed. System Error: 0xC0000039 (unresolvable).

Error - 13/10/2012 1:18:39 PM | Computer Name = Henry-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()
failed. System Error: 0xC0000039 (unresolvable).

Error - 13/10/2012 1:27:08 PM | Computer Name = Henry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,
time stamp: 0x503754ef Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process
id: 0xc4 Faulting application start time: 0x01cda967ed6f2956 Faulting application
path: G:\Program Files\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 36aa9d12-155b-11e2-946d-1c6f65c63558

Error - 13/10/2012 1:37:15 PM | Computer Name = Henry-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/10/2012 1:40:59 PM | Computer Name = Henry-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 09/10/2012 1:11:14 PM | Computer Name = Henry-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom1, is not ready for access yet.

Error - 09/10/2012 1:11:14 PM | Computer Name = Henry-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom1, is not ready for access yet.

Error - 09/10/2012 1:11:14 PM | Computer Name = Henry-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.

Error - 09/10/2012 1:11:14 PM | Computer Name = Henry-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom1, is not ready for access yet.

Error - 10/10/2012 8:52:22 PM | Computer Name = Henry-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom1, is not ready for access yet.

Error - 10/10/2012 8:52:22 PM | Computer Name = Henry-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom1, is not ready for access yet.

Error - 10/10/2012 8:52:22 PM | Computer Name = Henry-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom1, is not ready for access yet.

Error - 10/10/2012 8:52:23 PM | Computer Name = Henry-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 12/10/2012 2:59:20 PM | Computer Name = Henry-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 13/10/2012 1:16:11 PM | Computer Name = Henry-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:12:26 AM on 13/10/2012 was unexpected.


< End of report >

#4
Aaron

  • Expert
  • 3,155 posts
Looks pretty good so far.
Is it only IE that's freezing/crashing your computer? Do you have other problems too? Did you download a file from Sendspace?

============ Step one ============

Download aswMBR.exe to your desktop.

1. Double click the aswMBR.exe to run it
2. Click the "Scan" button to start scan
Note: if you use Avast, please disable the automatic scan: put AV engine to None.

3. On completion of the scan click save log, save it to your desktop and post in your next reply

============ Step two ============

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

- Maser00

#5
FUState

  • Topic Starter
  • Member
  • 214 posts
ASWMBR ***

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 12:50:02
-----------------------------
12:50:02.525 OS Version: Windows x64 6.1.7601 Service Pack 1
12:50:02.525 Number of processors: 4 586 0x2A07
12:50:02.525 ComputerName: HENRY-PC UserName: Henry
12:50:02.636 Initialize success
12:52:38.233 AVAST engine defs: 12101301
12:54:43.193 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
12:54:43.195 Disk 0 Vendor: Patriot_Torqx_TRB_32GB_SSD 100730 Size: 28807MB BusType: 3
12:54:43.198 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T1L0-5
12:54:43.201 Disk 1 Vendor: ST3500630AS 3.AAE Size: 476940MB BusType: 3
12:54:43.204 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-6
12:54:43.206 Disk 2 Vendor: ST3250410AS 3.AAF Size: 238475MB BusType: 3
12:54:43.210 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP5T1L0-8
12:54:43.213 Disk 3 Vendor: WDC_WD1002FAEX-00Y9A0 05.01D05 Size: 953869MB BusType: 3
12:54:43.217 Disk 0 MBR read successfully
12:54:43.220 Disk 0 MBR scan
12:54:43.228 Disk 0 Windows 7 default MBR code
12:54:43.233 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:54:43.239 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 28705 MB offset 206848
12:54:43.481 Disk 0 scanning C:\Windows\system32\drivers
12:54:46.455 Service scanning
12:54:53.269 Modules scanning
12:54:53.276 Disk 0 trace - called modules:
12:54:53.283 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:54:53.288 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d918060]
12:54:53.294 3 CLASSPNP.SYS[fffff8800198a43f] -> nt!IofCallDriver -> [0xfffffa800d5bd520]
12:54:53.299 5 ACPI.sys[fffff88000f597a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa800d5b5680]
12:54:53.402 AVAST engine scan C:\Windows
12:54:53.708 AVAST engine scan C:\Windows\system32
12:55:54.826 AVAST engine scan C:\Windows\system32\drivers
12:55:58.067 AVAST engine scan C:\Users\Henry
12:56:07.135 AVAST engine scan C:\ProgramData
12:56:33.922 Scan finished successfully
15:43:54.992 Disk 0 MBR has been saved successfully to "C:\Users\Henry\Desktop\MBR.dat"
15:43:54.997 The log file has been saved successfully to "C:\Users\Henry\Desktop\aswMBR.txt"




MBAM ***


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Henry :: HENRY-PC [administrator]

13/10/2012 3:46:24 PM
mbam-log-2012-10-13 (15-46-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256565
Time elapsed: 1 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6
FUState

  • Topic Starter
  • Member
  • 214 posts
Forgot to answer your questions.
Yes, it seems to be only IE that causes the crash. I've run this computer now for a few hours with no hiccups and nothing strange that I've noticed.
I don't know if this is coincidence, but it seems like it was on logon screens where IE crashed... so I'm not sure if that has anything to do with it...
Come to think of it, the file was gone already when I clicked on the link... so... I forgot about that (received a few files around the same time by email)... My brain's all broken... I just had this start around the same time so I had associated the two, and then the person who sent me the link told me they had not sent it... so I assumed automated message.

#7
Aaron

  • Expert
  • 3,155 posts
Logs are looking good, so I don't think there is malware on your pc.

First run these two tools, they might find e.g. some plugins in IE which can be responsible for this:

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


As a last check, you should do a quickscan at Bitdefender.

Please run a Bitdefender Online Virus Scan by following the instructions below:
  • Click this link to visit the Bitdefender Online Virus Scan website.
  • Click on the green start scanner button in the middle of the screen.
  • Click the gray Continue button to the left.
  • Click the green Scan now button (you may need to scroll down to see it).
  • A little yellowish bar may pop up at the top of the page to notify you that the website is trying to install an add-on. Click on that yellowish bar and select to install the add-on.
  • If you had to install the add-on, then Internet Explorer will reload the page, and you will be back on step 2. Repeat steps 2 thru 4 again.
  • You may now be presented with a Security Warning popup asking if you want to install something from Bitdefender. Go ahead and click the Install button.
  • You should now be asked to accept the license agreement. You will need to click the I ACCEPT box in the lower-left corner before you can click on the OK button to continue.
  • The scan will begin running. This could take more than a few minutes.
  • Once it is done, it will tell you whether or not it found anything. Avoid removing anything for now, and click on the View report link.
  • Notepad will open with a copy of the report. Please save this on your desktop, and attach it to a reply by clicking on the More Reply Options button to the lower-right of where you type out your reply.

Resetting IE might help you too: http://windows.micro...rnet-Explorer-9
Please do these instructions and test your pc for a few hours-day and tell me if it helped ;)

- Maser00

#8
FUState

  • Topic Starter
  • Member
  • 214 posts
I have not had issues with my computer today, it seems to be running fine now... even on the webpages that it was crashing earlier, so far it has been great!
I ran adwcleaner anyway, then realized maybe I should ask first before proceeding.
Should I run the other two items as well even if it appears fine now?

Adwlog ***

# AdwCleaner v2.005 - Logfile created 10/15/2012 at 13:14:07
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Henry - HENRY-PC
# Boot Mode : Normal
# Running from : C:\Users\Henry\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : H:\My Documents\AppData\Roaming\Mozilla\Firefox\Profiles\dc9f4ma7.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v7.0.1 (en-US)

Profile name : default
File : H:\My Documents\AppData\Roaming\Mozilla\Firefox\Profiles\dc9f4ma7.default\prefs.js

[OK] File is clean.

Profile name : default
File : H:\My Documents\AppData\Roaming\Mozilla\Firefox\Profiles\dc9f4ma7.default\prefs.js

[OK] File is clean.

Profile name : default
File : H:\My Documents\AppData\Roaming\Mozilla\Firefox\Profiles\dc9f4ma7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1429 octets] - [15/10/2012 13:14:07]

########## EOF - C:\AdwCleaner[S1].txt - [1489 octets] ##########

#9
Aaron

  • Expert
  • 3,155 posts
Yes, those are an extra check ;) Adwcleaner just removes some crap software from your pc :P

#10
FUState

  • Topic Starter
  • Member
  • 214 posts
I've been suffering interruptions of the human variety today, so my computer time has been scarce.
Now that the scans are completed, I have the logs below!

*** RogueKiller ***

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Henry [Admin rights]
Mode : Remove -- Date : 10/15/2012 16:39:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Documents and Settings\Administrator\NTUSER.DAT
-> E:\Documents and Settings\All Users\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\Henry\NTUSER.DAT
-> E:\Documents and Settings\LocalService\NTUSER.DAT
-> E:\Documents and Settings\NetworkService\NTUSER.DAT
-> E:\Documents and Settings\Owner\NTUSER.DAT
-> E:\Documents and Settings\UpdatusUser\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Patriot Torqx TRB 32GB SSD ATA Device +++++
--- User ---
[MBR] 975b1bc35bcdcdf46f982070bd4efc9c
[BSP] a601349bafcfb3ac028be510d31dd303 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 28705 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3500630AS ATA Device +++++
--- User ---
[MBR] aa76db55e9febf4a03ac3b4fc12e2d7f
[BSP] 50b31ba04c76aa8f544923d0c9060a76 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST3250410AS ATA Device +++++
--- User ---
[MBR] 1b17103cff83a4493ff8713dcd674875
[BSP] dd6f50572ed8ecb7f52935680444a1d3 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 238474 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD1002FAEX-00Y9A0 ATA Device +++++
--- User ---
[MBR] 117cd883c3e6d09f8c49f1521505c73a
[BSP] 3e859a73702c2226490ca45a91a0f88e : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt





*** Bitdefender ***

QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Mon Oct 15 16:41:16 2012
Machine ID: 48AA8725



No infection found.
-------------------



Processes
---------
AcroTray - Adobe Acrobat Distiller help 3516 G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
Adobe Acrobat Update Service 1928 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Adobe Photoshop Elements 1852 G:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
Bing Desktop 2008 C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
Brother Status Monitor Application 3576 C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
Brother Status Monitor Application 3696 C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
iCloud 3328 C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
iTunes 3848 G:\Programs\iTunes\iTunesHelper.exe
Logitech Camera Software 3732 G:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
Logitech Webcam Software 1188 C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
MobileDeviceService 1952 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
NVIDIA Update Components 1988 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Rapport 168 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
Rapport 2928 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
Sage Simply Accounting Connection Manag 3380 C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
Sage Simply Accounting Connection Manag 1564 C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
Stereo Vision Control Panel API Server 852 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Winamp Agent 3452 G:\Program Files (x86)\Winamp\winampa.exe
Windows® Internet Explorer 1412 G:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 2772 G:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 4700 G:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 4820 G:\Program Files (x86)\Internet Explorer\iexplore.exe


Network activity
----------------

Process SimplyConnectionManager.exe (1564) listens on ports: 13531


Autoruns and critical files
---------------------------
AcroTray - Adobe Acrobat Distiller help G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
Adobe Acrobat G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AdobeCollabSync.exe G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Bing Desktop C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
Brother Status Monitor Application C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
ControlCenter C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
Facebook Update H:\My Documents\AppData\Local\Facebook\Update\FacebookUpdate.exe
iCloud C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
iTunes G:\Programs\iTunes\iTunesHelper.exe
Logitech Camera Software G:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
Sage Simply Accounting Connection Manag C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
Winamp Agent G:\Program Files (x86)\Winamp\winampa.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat G:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
Adobe PDF Toolbar for IE C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx
Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\Manager.exe
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax64.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour G:\Program Files\Bonjour\mdnsNSP.dll
Facebook Video Calling Plugin H:\My Documents\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FlashGot.exe H:\My Documents\AppData\Roaming\Mozilla\Firefox\Profiles\dc9f4ma7.default\FlashGot.exe
Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Microsoft Office 2010 G:\Programs\MS Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 G:\Programs\MS Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 g:\programs\ms office\office14\urlredir.dll
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
npitunes.dll G:\Programs\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32_11_4_402_287.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
Skype Toolbars C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Missing files
-------------
File not found: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"MobileDocuments"


Scan
----


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.01 MB sent, 0.94 KB recvd
Scanned 391 files and modules - 55 seconds

==============================================================================
  • 0



#11
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi, your logs look clean :thumbsup:

I'm happy I could help. I'm giving you some tips about preventing new infections and how to increase your computer's speed.
Let's first remove all system restore points (because they may still contain malware) and create a new restore point. To do this:

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:

    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES
Now we can clean up the tools we used:
  • Open OTL to run it.
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application.
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes.
  • Note: if there are still some files left then you may delete them manually
============ 1. Cleaning your temporary files ============

We've already cleaned your temporary files when we removed the malware on your computer, but you could do this step once a month to keep your computer clean and faster. It will also greatly decrease the time a program like e.g. MBAM needs to scan for malware.

Download TFC by OldTimer to your desktop.
  • Please right-click TFC.exe and choose Run As Administrator.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
You can find more information about TFC here.
Another great program you could use instead is Ccleaner. It's best to download and install Ccleaner Slim, which does not contain the Yahoo! Toolbar.

============ 2. Updating your programs ============

It is recommended to update all your programs, as this will result in a faster working computer and optimal protection. I highly recommend you update most programs at least once a month!

  • It is very important to update Windows as this will make your computer a lot safer, more stable and maybe even faster. Every XP user should have Service Pack 3 & every Vista user should have Service Pack 2.
    For XP users: You can start it by clicking Start -> All programs -> Windows Update or go to this site.

    For Vista/Windows 7 users: Go to Control Panel and select System and Maintenance, then select Windows Update and install every update.
  • It is also very important to update Java! Older versions have vulnerabilities that malware can use to infect your system (like when playing a browser game or even by visiting certain sites). Please follow these steps to remove older versions of Java and to install the newest one available.
    • Download the latest version of Java SE Runtime Environment (JRE) here.
    • Please go to Start -> Control Panel -> Add/Remove Programs and remove all old versions like Java™ 6 Update *version*. The following versions of Java could also be installed, uninstall these too: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE and J2SE.
    • Reboot your computer once all Java components are removed.
    • If you are experiencing problems while removing Java then you can try JavaRa to remove all leftovers.
    • Then from your desktop double-click on the download to install the newest version.
  • It is also important to update Adobe Reader. Please go to Start > Control Panel > Add/Remove Programs and remove Adobe Reader. Then download and install the latest version here.
  • Extra: Secunia and the Filehippo Update Checker are two programs which can help you update your programs. These will notify you when an update is found and suggest a download link.
============ 3. How to prevent a new infection ============

I will list some programs here to secure your computer. At first look this could seem like security overkill, but it isn't. Most programs aren't active so they won't slow down your computer at all. Only your antivirus, firewall, Winpatrol and Autorun Eater are active. These last two use almost no system resources from your computer, so your computer won't slow down a bit. All these programs are also free or have a free version.

  • First of all you need a good antivirus. Only install one antivirus program at a time because they can conflict! A few good antivirus programs to buy are Avira, Kaspersky, Avast and Norton (there are other good ones too). You can see for yourself: you can find test reports once a month at AV-Comparatives.org.
    If you want a free antivirus then I recommend you ONE of these:

    ! McAfee and Norton are known for their inability to uninstall themselves correctly, so after you uninstall them then run the corresponding uninstaller before trying to install a new anti-virus!
    McAfee Uninstaller
    Norton Uninstaller
  • Spywareblaster protects against bad ActiveX, it immunizes your PC against them. For more information see the TUTORIAL
  • MVPS Hosts file: this hosts file should replace your current hosts file. When done, a lot of 'bad' sites will be blocked so you can't access them and you won't be infected. For more information see the TUTORIAL
  • A firewall is important to prevent malware connecting to the internet (for sending personal information or to copy itself to other computers) and blocking unauthorised access to your computer, however this can only come in handy for -very- experienced users. The Windows firewall is fine for most users, but it doesn't allow you to monitor outgoing connections (Vista and Windows can if you change the settings). A tutorial on understanding and using firewalls may be found here. If you really want a third-party firewall then I recommend you ONE of these too:

  • Extra: WinPatrol is a small program that will sit in your systray and warn you if something like malware tries to make changes to your system - for experienced users who like this extra protection.
  • Extra: if you use USB drives a lot then you might want to install Autorun Eater. This is a small program which will stay resident and prevent an infected USB device from infecting your PC. This is the ONLY secure way to use USB drives that aren't yours! For more information see the FAQ
  • Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer. It therefore greatly increases your security! Anything done in the 'Sandbox' can easily be undone, for more information see the Help & FAQ. This is one of my favorite programs!
  • Extra: have a look at OpenDNS if you want to block phishing sites, +18 sites from your kids and more.
  • If you have a router, log on to it today and change the password from the default. If you don't know how, get the make and model from the router then google for the router maker's site. Almost all router makers have very clear instructions for each router they make. This will prevent DNS hijacking. Also try using WPA(2) encryption as WEP is easily hacked.
  • For safest browsing use a login which does not have admin rights. Any login (especially those with admin rights) should have a password, and it should be something you can remember but which a random hacker can't guess.
    How to create User Accounts XP
    How to create User Accounts Video - Windows 7 (& Vista)
============ 4. Detecting and deleting infections ============

Unfortunately some malware will always be able to get through our very good prevention, however this is very rare. To check your system for malware or to remove it I recommend you to scan monthly with these three programs:

Always update these programs before you start scanning, this is very important!!
If you are happy with MBAM or SuperAntiSpyware then you might consider buying a license. A license isn't expensive at all and they are valid forever, so no need to buy a new one every year. With a license you have real-time protection (besides your antivirus software), which will prevent a lot of malware before it gets on your computer! I strongly recommend you try a free trial to test each program and decide for yourself which one suits you best. BUT, do not buy a license for both. If you have these two programs running at the same time, then they may conflict.

============ 5. What browser should I use and how do I surf the internet safe? ============

There are a lot of browsers you can use. Some are more secure, faster, have a better compatibility with most sites and some are more customizable than others, but they all have their strong and weak points.

Internet Explorer is installed on almost every Windows computer. It is the slowest browser of all browsers listed here and it's targeted most by malware. However Internet Explorer has a very high compatibility with most sites, it is a browser that most people use and there is good support from Microsoft.

How to make Internet Explorer more secure ?
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next click OK, then the Apply button and then OK to exit the Internet Properties page.
Firefox is a very good open source browser. It's the second most used browser, it has a high compatibility with most sites and it's highly customizable. It is my personal favourite. Firefox is also targeted a lot by malware and it's not the fastest one, it has a slow startup. If you use Firefox then I recommend these add-ons:

  • Adblock Plus will block almost all ads on the internet.
  • WOT this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling!
  • NoScript provides extra protection to your Firefox (for more experienced users). It really makes Firefox safer!
    It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS) and Clickjacking attempts.
  • Vacuum Places Improved defragments your Firefox "Places" database (history/bookmarks)
    This greatly reduces the lag while typing in the address bar and the start-up time.
    This extension features configurable automatic cleaning, periodic reminder, and internationalization.
  • SpeedyFox another good tool that also boosts Firefox.
See here for a list of popular extensions, I'm sure it will improve your browser experience!

Opera is a good looking and very fast browser that has a lot of features other browsers don't have and it also isn't really targeted by malware. Not as customizable as Firefox and you can have some compatibility problems. Some features are: Mouse gestures, Opera Link, Opera Mail, Opera Turbo, Widgets, Speed Dial, Opera Unite... See here for more information.

Google Chrome is a relatively new browser that is getting popular very fast. It is made by Google, it's the fastest browser of all and it's also easy looking. It also has support for add-ons like Firefox, but not as many as Firefox:

  • Adblock will block almost all ads on the internet.
  • WOT this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling!
See here for a list of popular extensions, I'm sure it will improve your browser experience!

============ 6. A few tips ============

  • Remove trial software and programs that you don't use any more, it will free disk space and can speed up your computer.
  • Make sure your hard drive is defragmented, this will also increase your computer's speed.

    • Windows XP users: have a look here
    • Windows Vista & 7 users: Windows normally defragments automatically so you don't need to do anything. If you want to do it yourself then you can find information here
      I strongly recommend you to let Windows automatically defragment your drive once a month - not more, not less. You can check this option if you open Disk Defragmenter.
  • Make sure you always have backups! If anything goes wrong, you will always have your most precious data stored safe.
  • Do this to make your computer boot up and work a lot faster: open Start > Run and type msconfig (Vista and 7 users can just type this in the start menu) > Go to the Boot (4th) tab and untick everything that isn't security software > press OK and restart.
    This will greatly improve your computer's speed!
  • Think twice before downloading things like attachments, torrents, cracks, keygens, codecs and using P2P programs. Also watch out what sites you visit: particularly +18 sites and sites where you can download illegal or cracked software.
  • Do not use following software or be very, very careful: register cleaners, driver updating software, codecs (for music or movies) and Windows Transformation Packs. These often contain malware and even if they are malware free then they can still do severe damage to your system!
  • Also see the general Preventing Malware and Safe Computing guide, made by one of my excellent former teachers.
Happy surfing again! ;)
  • 0
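
An added example, not part of Aaron's post or of any tool used in this thread: a read-only PowerShell audit of the three Internet-zone ActiveX settings named in the Internet Explorer steps of post #11. It assumes the standard zone registry layout (zone 3 = Internet; URL actions 1001, 1004 and 1201; values 0 = Enable, 1 = Prompt, 3 = Disable) and a simplified lookup order in which policy keys override user preferences.

```powershell
# Added example: check the Internet zone (zone 3) ActiveX settings against the
# levels recommended in the post. Reads the registry only; changes nothing.
$prefKey   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyKey = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action values used by these three settings
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Minimum = least strict value that still meets the post's recommendation
$checks = @(
    [pscustomobject]@{ Id = '1001'; Name = 'Download signed ActiveX controls';   Minimum = 1 }
    [pscustomobject]@{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Minimum = 1 }
    [pscustomobject]@{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Minimum = 3 }
)

function Get-ZoneAction {
    param([string]$ActionId)
    # Assumed lookup order: machine policy, user policy, user preference, machine default
    $candidates = "HKLM:\$policyKey", "HKCU:\$policyKey", "HKCU:\$prefKey", "HKLM:\$prefKey"
    foreach ($key in $candidates) {
        $item = Get-ItemProperty -Path $key -Name $ActionId -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $key; Value = [int]$item.$ActionId }
        }
    }
    return $null   # value not present in any of the four keys
}

$results = foreach ($c in $checks) {
    $found = Get-ZoneAction -ActionId $c.Id
    if ($null -eq $found) {
        $current = 'Not set'; $pass = $false; $source = '-'
    } else {
        $known   = $meaning.ContainsKey($found.Value)
        $current = if ($known) { $meaning[$found.Value] } else { "Unknown ($($found.Value))" }
        # A stricter setting than recommended (e.g. Disable instead of Prompt) also passes
        $pass    = $known -and ($found.Value -ge $c.Minimum)
        $source  = $found.Source
    }
    [pscustomobject]@{
        Setting = $c.Name
        Current = $current
        Wanted  = "$($meaning[$c.Minimum]) or stricter"
        Pass    = $pass
        Source  = $source
    }
}

$results | Format-Table -AutoSize -Wrap
```

A row with Pass = False and a Source under a Policies key means the value is enforced by policy and the Internet Options dialog will not change it.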

#12
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#13
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
User returned.

When I browse my shared folder (from a networked computer with a mapped drive to the folder)
All of the folders are visible, but none of the files are.
I cannot remember doing anything else recently to network settings or privacy... or anything really... so I'm a bit confused.
The user still has read/write permission... so I'm not sure what happened there.


This isn't caused by any tool we ran, but I'll help you fix it. How much disk space do those folders take, are they all empty? Try showing hidden files: http://windows.micro...w-hidden-files.
  • 0

#14
FUState

FUState

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 214 posts
Your link is broken, but just to clarify, on my computer I can see the files fine (they take up about 8.4 GB, and are not hidden)
It is from the other computer on the network that the files were not showing.
I copied and pasted the folder in an attempt to try to share the copied folder... before I had changed anything else, I was able to access the original folder again... (via network)
So I'm not sure what voodoo my network is practicing, but if it's attempting to confuse me... it has succeeded.
  • 0

#15
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Sorry for my late reply, haven't had much time.

Is it better now, or still having troubles? ;)

- Maser00
  • 0





