NukeMeSlowly

Everything posted by NukeMeSlowly

  1. Deleted existing version of Java and then downloaded the latest. No problems with installation until the very end when I got an error message - something like "browserError3"? I checked the control panel and the newest version of Java is there. Is this just a hiccup or a real problem? Thanks again for all your help.
  2. OTL fix:

     All processes killed
     ========== OTL ==========
     C:\Users\Marjan\Desktop\~WRL0005.tmp deleted successfully.
     C:\Users\Marjan\Desktop\~WRL0338.tmp deleted successfully.
     C:\Users\Marjan\Desktop\~WRL1492.tmp deleted successfully.
     C:\Windows\assembly\Desktop.ini moved successfully.
     File [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
     File [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
     File [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
     File [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
     File [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
     File [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
     Folder [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
     Folder [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
     Folder [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
     Folder [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: Marjan
     ->Temp folder emptied: 1235991 bytes
     ->Temporary Internet Files folder emptied: 333 bytes
     ->Java cache emptied: 3963467 bytes
     ->FireFox cache emptied: 87796165 bytes
     ->Google Chrome cache emptied: 8152336 bytes
     ->Flash cache emptied: 523 bytes

     User: Public
     ->Temp folder emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 8614 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36033870 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 131.00 mb

     [EMPTYJAVA]

     User: All Users

     User: Default

     User: Default User

     User: Marjan
     ->Java cache emptied: 0 bytes

     User: Public

     Total Java Files Cleaned = 0.00 mb

     [EMPTYFLASH]

     User: All Users

     User: Default

     User: Default User

     User: Marjan
     ->Flash cache emptied: 0 bytes

     User: Public

     Total Flash Files Cleaned = 0.00 mb

     OTL by OldTimer - Version 3.2.69.0 log created on 08072013_165447

     Files\Folders moved on Reboot...
     C:\Users\Marjan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     C:\Users\Marjan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...

     AdwCleaner delete:

     # AdwCleaner v2.306 - Logfile created 08/07/2013 at 17:02:06
     # Updated 19/07/2013 by Xplode
     # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
     # User : Marjan - MARJAN-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Marjan\Desktop\AdwCleaner.exe
     # Option [Delete]

     ***** [Services] *****

     ***** [Files / Folders] *****

     File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg

     ***** [Registry] *****

     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

     ***** [Internet Browsers] *****

     -\\ Internet Explorer v10.0.9200.16635

     [OK] Registry is clean.

     -\\ Mozilla Firefox v [unable to get version]

     -\\ Google Chrome v28.0.1500.95

     File : C:\Users\Marjan\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [2213 octets] - [07/08/2013 14:43:15]
     AdwCleaner[S1].txt - [1913 octets] - [07/08/2013 17:02:06]

     ########## EOF - C:\AdwCleaner[S1].txt - [1973 octets] ##########

     Laptop seems up to snuff. FBI virus is nowhere to be seen. Any remaining steps to take?
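The verification pass a responder would run after the fixes logged in the post above, added here as an example for this page (it is not code from the original post, nor from OTL or AdwCleaner): it checks that the CLSIDs named in the OTL and AdwCleaner logs no longer resolve to an InProcServer32 DLL in any registry view, then lists every Browser Helper Object and Internet Explorer Extension still registered, with its DLL, whether that DLL exists on disk, and its Authenticode status. The registry paths are the standard Windows locations; the helper name `Resolve-ClsidServer`, the `$removedClsids` list (taken from the logs above) and the REVIEW/ok labelling are this example's own conventions. Run it from an elevated PowerShell prompt on the cleaned machine; PowerShell 2.0 on Windows 7 is enough.

```powershell
# Added example for this page, not part of the original post.
# Confirms the IE add-on CLSIDs removed above are gone and audits what is still hooked into IE.

# CLSIDs reported deleted / not found by OTL and AdwCleaner in the logs above.
$removedClsids = @(
    '{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}',
    '{898EA8C8-E7FF-479B-8935-AEC46303B9E5}',
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}',
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}',
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'
)

# Every view in which a COM class can be registered on 64-bit Windows:
# native and WOW6432 machine-wide, plus the per-user hive (the HKEY_CURRENT_USER
# entries in the OTL log are the per-user view, which wins over HKLM for that user).
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
    'HKCU:\Software\Classes\CLSID',
    'HKCU:\Software\Classes\Wow6432Node\CLSID'
)

# Where Internet Explorer picks up add-ons: BHOs and toolbar/button Extensions.
$addonRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions',
    'HKCU:\Software\Microsoft\Internet Explorer\Extensions'
)

function Resolve-ClsidServer {
    # Return the DLL registered as InProcServer32 for a CLSID (first view that has it),
    # or $null when the CLSID is not registered in any view.
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $key = Join-Path $root "$Clsid\InProcServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        }
    }
    return $null
}

# 1. The CLSIDs the tools reported as removed must not resolve anywhere any more.
foreach ($clsid in $removedClsids) {
    $dll = Resolve-ClsidServer $clsid
    if ($dll) { Write-Warning "$clsid still registered -> $dll" }
    else      { Write-Output  "$clsid : not registered (OK)" }
}

# 2. Audit the add-ons that remain. An add-on whose DLL is missing, unsigned, or
#    lives under the user profile or Temp is the next thing to look at.
#    A bare DLL name (resolved through the loader search path) shows as missing
#    here and needs a manual check.
foreach ($root in $addonRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $root) {
        $clsid = $sub.PSChildName
        # Extension entries may point at their COM class through a ClsidExtension value.
        $props = Get-ItemProperty -LiteralPath $sub.PSPath
        if ($props.ClsidExtension) { $clsid = $props.ClsidExtension }
        $dll = Resolve-ClsidServer $clsid
        if (-not $dll) {
            Write-Warning "$root\$($sub.PSChildName) : no InProcServer32 resolved (dangling entry, or a script/Exec-only Extension)"
            continue
        }
        $exists = Test-Path -LiteralPath $dll
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
        $susp   = ($dll -match '\\Users\\|\\AppData\\|\\Temp\\') -or (-not $exists) -or ($sig -ne 'Valid')
        $flag   = if ($susp) { 'REVIEW' } else { 'ok' }
        Write-Output ("{0,-6} {1} -> {2} (exists={3}, signature={4})" -f $flag, $clsid, $dll, $exists, $sig)
    }
}
```

The per-user CLSID views are checked on purpose: a BHO registered only under HKEY_CURRENT_USER loads for that user without ever touching HKLM, which is why the OTL fix above addressed both hives.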
  3. Extras.txt:

     OTL Extras logfile created on: 8/7/2013 2:52:24 PM - Run 1
     OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marjan\Desktop
     64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.10.9200.16635)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     7.96 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 76.01% Memory free
     15.91 Gb Paging File | 13.56 Gb Available in Paging File | 85.20% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 465.66 Gb Total Space | 370.02 Gb Free Space | 79.46% Space Free | Partition Type: NTFS

     Computer Name: MARJAN-PC | User Name: Marjan | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     ========== Extra Registry (SafeList) ==========


     ========== File Associations ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
     .url [@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
     .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

     [HKEY_USERS\S-1-5-21-926839969-3728488504-4215999852-1000\SOFTWARE\Classes\<extension>]
     .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

     ========== Shell Spawning ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     exefile [open] -- "%1" %*
     helpfile [open] -- Reg Error: Key error.
     htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
     http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
     inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
     InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
     InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
     Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
     Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [explore] -- Reg Error: Value error.
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
     exefile [open] -- "%1" %*
     helpfile [open] -- Reg Error: Key error.
     htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
     inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
     Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
     Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [explore] -- Reg Error: Value error.
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
     CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

     ========== Security Center Settings ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "cval" = 1
     "FirewallDisableNotify" = 0
     "AntiVirusDisableNotify" = 0
     "UpdatesDisableNotify" = 0

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
     "AntiVirusOverride" = 0
     "AntiSpywareOverride" = 0
     "FirewallOverride" = 0

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

     ========== System Restore Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
     "DisableSR" = 0

     ========== Firewall Settings ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 1

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 1

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 1

     ========== Authorized Applications List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

     ========== Vista Active Open Ports Exception List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{0DB65D31-E2A8-4E37-A385-7EC81597AFDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
     "{1146FB26-47BD-4518-BBDE-E8472B57E828}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
     "{179A96EE-CE79-4069-99BF-C26571BB51C4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
     "{33176D8E-6215-4F84-BEB7-7405B05753BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
     "{3406FED7-B036-4F71-BC70-030907ED0CDC}" = rport=139 | protocol=6 | dir=out | app=system |
     "{391C505E-EA14-40AA-A628-E7BD8FFBC643}" = lport=139 | protocol=6 | dir=in | app=system |
     "{4FAF2245-E245-45F0-9912-B87529CA77F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
     "{5601E3A4-C78B-4487-B83E-B15A04339FD8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
     "{64076E02-52ED-45BC-9245-DD625682A259}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
     "{72726A52-7316-4E9F-8DB0-90D37AD1A65F}" = rport=137 | protocol=17 | dir=out | app=system |
     "{76F408CD-2B9B-482F-9DCD-62C10B6D57DD}" = rport=10243 | protocol=6 | dir=out | app=system |
     "{785BF150-4A8B-4DBE-A344-E81CBDE94FE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
     "{854A93B8-5D23-4698-A457-EDFB4C39F654}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
     "{88171309-B209-4229-B892-E52F27B41284}" = lport=10243 | protocol=6 | dir=in | app=system |
     "{8881F569-31FD-407F-8ABA-4F1C17313661}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
     "{89906D12-770C-4C4C-A390-999BA02DD60D}" = lport=138 | protocol=17 | dir=in | app=system |
     "{9A96BFB5-8239-4900-B9CE-81973D62C311}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
     "{9D16D6B7-B882-4ADA-8548-678579E2E786}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
     "{AF27D78D-A855-4C0D-B478-A1DAB563C7F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
     "{B84E4D0F-07FE-454D-BD8C-9E5695C6B88E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
     "{BEF2F4C2-92AE-4A61-BC2F-5D2A5FCA9E11}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
     "{C03D3E30-8744-4A50-8DAE-B6A4C1641441}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
     "{C0B06B03-32BE-4E1D-A115-EBDCB1C9728A}" = lport=445 | protocol=6 | dir=in | app=system |
     "{C0C7BA16-126B-4FAF-9104-4891EA1984AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
     "{C20721CF-46BB-458F-98A8-2D67586CC86D}" = lport=137 | protocol=17 | dir=in | app=system |
     "{C64C5AFF-00CC-490E-A1DD-B67858B74B2C}" = rport=138 | protocol=17 | dir=out | app=system |
     "{C86C4219-E628-437F-B9BA-C5AA35C83DA8}" = rport=445 | protocol=6 | dir=out | app=system |
     "{D23EBEB2-B844-4CA7-A9A1-393C67579D7E}" = lport=2869 | protocol=6 | dir=in | app=system |
     "{E9416211-32BE-48B0-9FBB-C2574B9D80BD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
     "{EAE90FBB-8645-4015-9A12-D2F81887061B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
     "{EEA84EE4-E73D-4F51-BAEF-DAA6CD4EE83E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
     "{F29AB0B0-1B6C-4570-833D-CBFA39DF27E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

     ========== Vista Active Application Exception List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{01E66307-44CB-4448-BCF2-ED0015B9F3E9}" = protocol=17 | dir=in | app=c:\program files (x86)\novell\groupwise\notify.exe |
     "{0DBE4728-8236-4A03-A303-9AE7D498B6FD}" = protocol=17 | dir=in | app=c:\users\marjan\appdata\roaming\dropbox\bin\dropbox.exe |
     "{140FE54B-1453-4984-B682-62D53FE72998}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
     "{1FBE83E6-EBBA-44C3-BD51-25E3EE2026B9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
     "{252111DD-377E-438D-A2D7-670B668780F8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
     "{32932778-EB17-42A0-B50D-1C3EE5E4C666}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
     "{39C9C8CE-00D1-4AAB-ADDC-2B50B13D5A00}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
     "{4060816F-6CCB-41D0-8B75-4B0A9A337003}" = protocol=6 | dir=in | app=c:\program files (x86)\novell\groupwise\grpwise.exe |
     "{4F3B2CFC-7630-41D8-8C49-D107168349CB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
     "{53C6864F-7F06-4A1E-8585-94895E5DA3C1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
     "{545CB1FB-73B1-4DED-A497-B437E704E90E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
     "{5C9DD961-BEE3-4FBB-95D2-EC197D7B8668}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
     "{67538317-1B68-464A-9840-4ECBE72D4F6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
     "{6B249F61-2EA5-4FD7-883F-D0B6B1CA9D71}" = protocol=6 | dir=out | app=system |
     "{7794B147-AE60-4EE1-89BF-B54195EF74CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
     "{7D17D359-AEF2-4F34-A977-B01961672D4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
     "{7D9EDF5B-4033-4396-9349-575C8CB7F589}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
     "{7E101A26-1F95-4299-B3DF-6A811B1F2E4E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
     "{7EDE1E59-78DC-4222-87B2-D35111115422}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
     "{7FBCD583-133B-4EE3-A170-8ADA5C12ED40}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
     "{80CCA550-27A7-4B18-9915-A39899579C1D}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
     "{8326760D-688B-45DE-8D77-124D4097E2F1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
     "{838F4089-2AD0-420D-8BE3-6C1F69A1CC90}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
     "{94404A4B-B9AE-4B1B-AD23-A2D630AF86D7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
     "{9A455869-98E8-459B-AA3E-E6A6964A0AA7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
     "{9E10E1A1-09C8-4CE1-869D-C9933F0E55E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
     "{A5D7D1C4-ED7D-4FF8-84F2-5230F185850B}" = protocol=17 | dir=in | app=c:\program files (x86)\novell\groupwise\grpwise.exe |
     "{A76AAA36-1973-49BB-9BA7-7221E50BFF9C}" = protocol=6 | dir=in | app=c:\users\marjan\appdata\roaming\dropbox\bin\dropbox.exe |
     "{A9451202-C3F2-4F58-8AC2-84990D0CFB03}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
     "{A984994B-8DBF-444C-BAE1-82BEC8B02E22}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
     "{AA8F44E7-A3E2-4CBD-A7A5-8FECE180E4F0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
     "{ADF3587E-0939-495A-8172-75197D6F3CA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
     "{B5566688-12FE-4B95-8CAB-BC5C50313591}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
     "{B7059A25-59F8-48CE-854E-D52E1D0C5B53}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
     "{BF450517-34CD-4B13-B612-0B35D8818E25}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
     "{C664DE27-830E-4341-80A7-5C4314C28B6B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
     "{CAE32BB5-F96C-4CD5-B83D-270A5C52DA2E}" = protocol=6 | dir=in | app=c:\program files (x86)\novell\groupwise\notify.exe |
     "{CCD1B7CE-2266-4654-B374-424A7B7DE5B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
     "{CF023A4B-2D4E-47D3-8254-DA3F19885136}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
     "{D52E57D6-467F-46E6-8EC7-20CA955B3D61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
     "{D7EFECCF-EE4D-4C90-88F3-FAFC503AB0AF}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe |
     "{E1D6661F-DC55-415A-82F7-BECE0293E1CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
     "{ED189FAE-0B04-4DF6-9287-F29BACE8D1AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
     "{FB35CEB1-8508-4EE8-A6EE-52A06788ADF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
     "{FCD3DB5F-6CF5-4731-B651-FC165E024AA1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
     "{FD6D1EB3-A489-43BF-9605-0C485B7C9966}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
     "{FDABF8CC-09BB-416E-A898-AD2E56EF58ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
     "TCP Query User{081E4F28-7F63-47AA-90B3-E382F14CAA7E}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
     "TCP Query User{0C99E3CC-5DDB-4B18-9CE5-4C12FBCD7D94}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe |
     "TCP Query User{185A6AD3-9CAB-4FAC-817A-2D956536F4F4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
     "TCP Query User{4DD8F184-1330-4FC1-BA03-B6607E996E68}C:\users\marjan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\marjan\appdata\roaming\dropbox\bin\dropbox.exe |
     "TCP Query User{61AF5A9F-F0F7-410B-8FC9-73BE262AEF6D}C:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
     "TCP Query User{6D4FC898-ACCA-468C-9836-1589960B205C}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
     "UDP Query User{383A4EEE-CFBC-4DA8-9437-557E10C1298D}C:\users\marjan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\marjan\appdata\roaming\dropbox\bin\dropbox.exe |
     "UDP Query User{A9D23EF6-7661-4A81-8530-D728A4383497}C:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
     "UDP Query User{B521EF32-EFFE-4D00-A651-475E6B0B2625}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
     "UDP Query User{C388E34D-48B0-4B85-A309-5C9A343D1697}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
     "UDP Query User{D1FDA46A-3424-4FBC-A4BC-43AA9D8C9817}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
     "UDP Query User{EFD9134B-1981-46E7-B27F-BEDCA35DBC37}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe |

     ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
     "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
     "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
     "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP2 Common Files
     "{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
     "{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
     "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
     "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
     "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP2 Common Files
     "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
     "{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
     "{49BFDB10-A9AC-4368-9BF1-236D569DD8F0}" = QSR NVivo 10
     "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
     "{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel® PROSet/Wireless WiFi Software
     "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
     "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
     "{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = SQL Server 2008 R2 SP2 Database Engine Services
     "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
     "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
     "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
     "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
     "{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
     "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
     "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
     "{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
     "{79A2C6E8-C727-4D12-B4B3-19790C181DEA}" = Microsoft SQL Server 2008 R2 Native Client
     "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
     "{86D58D69-DC49-5E97-C63C-1BB8D6AED9DE}" = ccc-utility64
     "{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient CAC x64
     "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
     "{8A6B4FE2-7CC4-4DAC-BC68-D9E170B758FD}" = Dell ControlVault Host Components Installer 64 bit
     "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
     "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
     "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
     "{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
     "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
     "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
     "{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = SQL Server 2008 R2 SP2 Database Engine Services
     "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP2 Database Engine Shared
     "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
     "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
     "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
     "{C3525BF7-3698-4CD3-A8C3-69BD6F57BA3B}" = Microsoft SQL Server 2008 R2 Setup (English)
     "{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP2 Database Engine Shared
     "{D406D803-C60C-4CF5-9B97-B95C3DF87F52}" = Microsoft SQL Server 2008 R2 RsFx Driver
     "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
     "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
     "{DB3D2C81-EF11-4b1f-9B55-3959AEE09E55}" = Canon MF8300C Series
     "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
     "{EECA7F7F-FC25-7AF8-E0C5-DEFC4C705FD6}" = ATI Catalyst Install Manager
     "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
     "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
     "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
     "{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
     "815EB4ED418166EC2BBE3A39EAC38C74AE911A8C" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2009 8.5.0.251)
     "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
     "CCleaner" = CCleaner
     "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
     "Microsoft Security Client" = Microsoft Security Essentials
     "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
     "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
     "ProInst" = Intel PROSet Wireless
     "PROSet" = Intel® Network Connections Drivers

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
     "{079A722B-B7BA-E464-E023-4150C8D766BB}" = CCC Help Korean
     "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
     "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
     "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
     "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
     "{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}" = O2Micro Flash Memory Card Windows Driver
     "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
     "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
     "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33
     "{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel® Identity Protection Technology 1.0.71.0
     "{3318B54A-B5A8-49B1-8016-753DC6CAC63B}" = Citrix Online Launcher
     "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
     "{34403D44-0BA0-4CB3-9C7C-EFD30F2C3AA8}" = QSR NVivo Add-In for OneNote
     "{349D9525-A9D9-2EAE-73AB-07CCDB6A1C6C}" = Catalyst Pro Control Center
     "{361A1B67-3B21-D60B-BC19-C74741B79380}" = CCC Help Chinese Standard
     "{3A3915D6-86A1-3D5F-9582-ABD25DF3D1F8}" = CCC Help Danish
     "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
     "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
     "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
     "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
     "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
     "{53E079E5-4DEC-4E95-8EB9-8FF9A82D82AC}" = Catalyst Control Center - Branding
     "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
     "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
     "{59674E04-026D-5EFB-D485-A18261D18DD1}" = CCC Help German
     "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
     "{6146B9DC-C33D-11E2-BDE1-984BE15F174E}" = Evernote v. 4.6.6
     "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
     "{664FE4DC-E38D-40A0-83F0-D80B37015CAB}" = InstallRoot 3.12
     "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
     "{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
     "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
     "{75714348-A747-24A8-DCA3-8755AF0AC1E8}" = CCC Help Japanese
     "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
     "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
     "{7C113200-C529-0123-4A2E-AEF6F6271677}" = Catalyst Control Center Localization All
     "{7DE75545-D263-FFEB-0845-AC772E771C37}" = CCC Help Russian
     "{81FADFBE-3B56-47FC-A122-3C69D1708089}" = GroupWise
     "{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
     "{870594CD-9A49-0643-24E0-610DA7466629}" = CCC Help Italian
     "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
     "{8E2BC848-4490-4A19-8304-5A9D79DD33FA}" = AnySync
     "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
     "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
     "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
     "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
     "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
     "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
     "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
     "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
     "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
     "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
     "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
     "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
     "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
     "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
     "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
     "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
     "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
     "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
     "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
     "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service
Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 
(SP1)"{94F57B0C-54F0-4612-7895-3F07024B95BC}" = CCC Help Portuguese"{979742CC-2CBB-49D8-9BEE-C2F7875F5393}" = Brother MFL-Pro Suite MFC-9970CDW"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9ADA656A-36AA-A333-1655-04D5F3A1224A}" = CCC Help Finnish"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D5B85C5-45B9-30A1-8433-B011398C38AA}" = CCC Help Norwegian"{A2471C92-D798-30D7-5801-6C3542A0DD5D}" = CCC Help Spanish"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch"{AE0F1B03-E104-AA68-850A-A2DE9F95BCBF}" = CCC Help English"{AF11C2C6-2B08-2666-53AF-FB96D686D12B}" = CCC Help Swedish"{B32CD9BC-7C16-4152-A579-2AA32730E24E}" = QSR NCapture for Internet Explorer"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser"{C28422FB-F2CD-427A-ADED-9F281745CDB2}" = Secure Download Manager"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = 
Nikon Transfer"{EA9A9EEE-2275-F448-80CA-173F11D56B9A}" = Catalyst Control Center InstallProxy"{EB78E6E7-6E0B-4EEE-A485-9361C3500096}" = QSR NCapture for Chrome"{F2F8DB1D-16B0-ED0D-E510-57C921E72616}" = CCC Help Dutch"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{F9EC8B11-E5F2-47A7-C631-7D4430DF3CE2}" = CCC Help French"{FACF1591-128A-0365-F10D-28379C9776BC}" = CCC Help Chinese Traditional"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"AnyTime Organizer" = AnyTime Organizer"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool"Genie Timeline" = LaCie Genie Timeline 2.1"Google Chrome" = Google Chrome"GoToAssist" = GoToAssist Corporate"InstallShield_{1B7D35ED-B68B-479F-94D7-0D8DF2BBC90E}" = O2Micro Flash Memory Card Windows Driver"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Microsoft SQL Server 10" = Microsoft SQL Server 2008"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008"MiPony" = MiPony 2.0.2"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper"VLC media player" = VLC media player 2.0.7"WMS" = Windows NT Messaging ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-926839969-3728488504-4215999852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"ActiveTouchMeetingClient" = Cisco WebEx Meetings"Dropbox" = Dropbox"DSite" = Update for Mipony Download Manager"GoToMeeting" = GoToMeeting 5.6.0.1157 < End of report > ESET: ESETSmartInstaller@High as downloader log:all ok# version=8# OnlineScannerApp.exe=1.0.0.1# 
OnlineScanner.ocx=1.0.0.6920# api_version=3.0.2# EOSSerial=61b42f9f889b5744b56047b18af2c71b# engine=14692# end=finished# remove_checked=true# archives_checked=true# unwanted_checked=false# unsafe_checked=false# antistealth_checked=true# utc_time=2013-08-07 08:36:41# local_time=2013-08-07 04:36:41 (-0500, Eastern Daylight Time)# country="United States"# lang=1033# osver=6.1.7601 NT Service Pack 1# compatibility_mode=5893 16776574 100 94 1327654 127451251 0 0# scanned=234078# found=3# cleaned=3# scan_time=5267sh=A32DB4D9496F111DF0489BC4352496C6058B4F7D ft=1 fh=5f34d5a98eda74b2 vn="a variant of Win32/Kryptik.BHKC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\0EnIeGij.exe"sh=818189BDD688028C1961F8840F38C6EC279F285C ft=1 fh=5f34d5a94bbe81ca vn="a variant of Win32/Kryptik.BHKC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Marjan\AppData\Local\7zh41ioRd\0EnIeGij.dll"sh=A32DB4D9496F111DF0489BC4352496C6058B4F7D ft=1 fh=5f34d5a98eda74b2 vn="a variant of Win32/Kryptik.BHKC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Marjan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\22268c2c-59c70453" ESETSscan: C:\FRST\Quarantine\0EnIeGij.exe a variant of Win32/Kryptik.BHKC trojan cleaned by deleting - quarantinedC:\Users\Marjan\AppData\Local\7zh41ioRd\0EnIeGij.dll a variant of Win32/Kryptik.BHKC trojan cleaned by deleting - quarantinedC:\Users\Marjan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\22268c2c-59c70453 a variant of Win32/Kryptik.BHKC trojan cleaned by deleting - quarantined Please advise next steps.
  4. AdwCleaner logfile:
JRT:
OTL.txt:
HKU\S-1-5-21-926839969-3728488504-4215999852-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-926839969-3728488504-4215999852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-926839969-3728488504-4215999852-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - 
HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Marjan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/05/13 16:51:40 | 000,000,000 | ---D | M] [2012/10/02 14:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marjan\AppData\Roaming\Mozilla\Extensions[2012/10/02 14:51:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR - homepage: http://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\gcswf32.dllCHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files 
(x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLLCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dllCHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - Extension: YouTube = C:\Users\Marjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\Marjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: NCapture = 
C:\Users\Marjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek\1.0.128.0_0\CHR - Extension: Skype Click to Call = C:\Users\Marjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\CHR - Extension: Gmail = C:\Users\Marjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/08/07 02:14:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O3:64bit: - HKU\S-1-5-21-926839969-3728488504-4215999852-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKU\S-1-5-21-926839969-3728488504-4215999852-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files 
(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)O4:64bit: - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE (CANON INC.)O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)O4 - HKLM..\Run: [AnySync] C:\Program Files (x86)\AnySync\SyncLauncher.exe (iAnywhere Solutions, Inc.)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)O4 - HKLM..\Run: [shStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)O4 - HKLM..\Run: 
[startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKU\S-1-5-21-926839969-3728488504-4215999852-1000..\Run: [AnyTime Organizer] C:\Program Files (x86)\AnyTime Organizer Deluxe\AtDem.exe (Individual Software, Inc.)O4 - HKU\S-1-5-21-926839969-3728488504-4215999852-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)O4 - HKU\S-1-5-21-926839969-3728488504-4215999852-1000..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)O4 - HKU\S-1-5-21-926839969-3728488504-4215999852-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)O4 - Startup: C:\Users\Marjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-926839969-3728488504-4215999852-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - 
HKU\S-1-5-21-926839969-3728488504-4215999852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not foundO8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not foundO8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not foundO8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not foundO8:64bit: - Extra context menu item: NCapture for NVivo - C:\Program Files (x86)\QSR\NCapture\Internet Explorer\QSR.NCapture.IE.Resources.dll (QSR International)O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not foundO8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not foundO8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not foundO8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not foundO8 - Extra context menu item: NCapture for NVivo - C:\Program Files (x86)\QSR\NCapture\Internet Explorer\QSR.NCapture.IE.Resources.dll (QSR International)O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 
Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://aumail4.american.edu/dwa85W.cab (IBM Lotus iNotes 8.5 Control)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB (IOBIVMUtil.VMDecoder)O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)O16 - DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} https://aumail4.american.edu/dwa85W.cab (IBM Lotus iNotes 8.5 Control)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CCC2E89-291C-4D63-9C6D-2A5452C8901C}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E43D08ED-FFDD-426B-8341-E586DF075969}: DhcpNameServer = 68.87.73.242 68.87.71.226O18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not foundO20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/08/07 14:45:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/08/07 14:42:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marjan\Desktop\OTL.exe[2013/08/07 14:42:00 | 000,563,082 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Marjan\Desktop\JRT.exe[2013/08/07 02:41:18 | 000,000,000 | ---D | C] -- C:\Users\Marjan\AppData\Local\Programs[2013/08/07 02:18:21 | 000,000,000 | ---D | C] -- C:\Windows\temp[2013/08/07 02:14:59 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN[2013/08/07 02:05:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2013/08/07 02:05:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2013/08/07 02:05:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2013/08/07 02:05:27 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/08/07 02:05:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/08/07 02:04:19 | 005,100,695 | R--- | C] (Swearware) -- C:\Users\Marjan\Desktop\ComboFix.exe[2013/08/07 01:56:18 | 000,000,000 | ---D | C] -- C:\FRST[2013/08/07 01:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)[2013/08/07 01:51:23 | 000,000,000 | ---D | C] -- C:\Users\Marjan\Desktop\mbar-1.06.0.1004[2013/08/07 01:46:42 | 002,240,864 | ---- | C] (Kaspersky 
Lab ZAO) -- C:\Users\Marjan\Desktop\tdsskiller.exe[2013/08/06 20:51:02 | 000,000,000 | ---D | C] -- C:\Users\Marjan\AppData\Local\7zh41ioRd[2013/08/04 04:24:15 | 000,000,000 | ---D | C] -- C:\Users\Marjan\AppData\Roaming\XCPCSync.OEM[2013/08/03 17:01:06 | 000,000,000 | ---D | C] -- C:\Users\Marjan\Desktop\MPS Student Handbook[2013/08/03 14:29:34 | 000,000,000 | ---D | C] -- C:\Users\Marjan\Desktop\MPS Website August 2013[2013/07/31 19:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities[2013/07/31 18:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities[2013/07/31 18:38:10 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information[2013/07/31 18:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX860 series[2013/07/31 18:38:07 | 000,299,520 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC860L.DLL[2013/07/31 18:38:07 | 000,235,008 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNC860O.DLL[2013/07/31 18:38:07 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC860I.DLL[2013/07/31 18:38:06 | 001,342,976 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC860C.DLL[2013/07/31 18:37:41 | 000,244,736 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMIU9N.DLL[2013/07/31 18:37:41 | 000,131,584 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC860Z.DLL[2013/07/31 18:37:36 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ[2013/07/31 17:33:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan[2013/07/28 11:49:21 | 000,366,080 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNMNPPM.DLL[2013/07/28 11:49:21 | 000,252,416 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6PPM.DLL[2013/07/28 11:49:21 | 000,152,064 | ---- | C] (CANON INC.) 
-- C:\Windows\SysNative\CNMN6UI.DLL[2013/07/22 17:04:15 | 000,000,000 | ---D | C] -- C:\Users\Marjan\AppData\Local\Evernote[2013/07/22 17:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote[2013/07/22 17:03:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote[2013/07/19 15:29:26 | 000,000,000 | ---D | C] -- C:\Users\Marjan\Desktop\Sample Project Data[2013/07/19 04:29:47 | 000,000,000 | ---D | C] -- C:\Users\Marjan\AppData\Local\IsolatedStorage[2013/07/19 04:27:11 | 000,000,000 | ---D | C] -- C:\Users\Marjan\AppData\Roaming\QSR_International[2013/07/19 04:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QSR[2013/07/19 04:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\QSR[2013/07/19 04:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\QSR[2013/07/19 04:22:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NVivo 10 Samples[2013/07/19 04:20:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QSR[2013/07/19 04:18:34 | 000,086,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL10_50.QSRNVIVO10-sqlagtctr.dll[2013/07/19 04:18:34 | 000,057,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL10_50.QSRNVIVO10-sqlagtctr.dll[2013/07/19 04:18:23 | 000,088,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$QSRNVIVO10-sqlctr10.52.4000.0.dll[2013/07/19 04:18:23 | 000,082,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$QSRNVIVO10-sqlctr10.52.4000.0.dll[2013/07/19 04:17:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx[2013/07/19 04:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0[2013/07/19 04:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET[2013/07/19 04:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2[2013/07/12 07:49:38 | 000,391,168 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/07/12 07:49:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/07/12 07:49:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2013/07/12 07:49:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013/07/12 07:49:36 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2013/07/12 07:49:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2013/07/12 07:49:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2013/07/12 07:49:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013/07/12 07:49:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2013/07/12 07:49:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2013/07/12 07:49:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013/07/12 07:49:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/07/12 07:49:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/07/12 07:49:35 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/07/12 07:49:34 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/07/11 18:48:19 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll[2013/07/11 18:48:19 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll[2013/07/11 18:48:18 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL[2013/07/11 18:48:18 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL[2013/07/11 18:43:32 | 001,643,520 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll[2013/07/08 23:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime[2013/07/08 23:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime[3 C:\Users\Marjan\Desktop\*.tmp files -> C:\Users\Marjan\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/08/07 14:42:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marjan\Desktop\OTL.exe[2013/08/07 14:42:04 | 000,563,082 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Marjan\Desktop\JRT.exe[2013/08/07 14:40:50 | 000,666,633 | ---- | M] () -- C:\Users\Marjan\Desktop\AdwCleaner.exe[2013/08/07 14:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/08/07 11:26:41 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/08/07 11:26:41 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/08/07 11:18:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/08/07 11:18:12 | 2113,613,823 | -HS- | M] () -- C:\hiberfil.sys[2013/08/07 02:41:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/08/07 02:24:15 | 000,891,098 | ---- | M] () -- C:\Users\Marjan\Desktop\SecurityCheck.exe[2013/08/07 02:14:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/08/07 02:04:20 | 005,100,695 | R--- | M] (Swearware) -- C:\Users\Marjan\Desktop\ComboFix.exe[2013/08/07 01:51:05 | 013,399,154 | ---- | M] () -- C:\Users\Marjan\Desktop\mbar-1.06.0.1004.zip[2013/08/07 01:46:43 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marjan\Desktop\tdsskiller.exe[2013/08/06 20:51:08 | 000,267,776 | ---- | M] () -- C:\Users\Marjan\AppData\Local\xUtgombQJ[2013/08/06 20:51:08 | 000,267,776 | ---- | M] () -- 
C:\ProgramData\oC4C9VxNeom[2013/08/06 20:51:08 | 000,267,776 | ---- | M] () -- C:\Users\Marjan\AppData\Roaming\Bsz1oXVEMxW[2013/08/04 04:33:45 | 000,014,949 | ---- | M] () -- C:\ads_err.adt[2013/08/04 04:24:37 | 000,004,554 | ---- | M] () -- C:\ads_err.adm[2013/08/04 04:24:37 | 000,003,072 | ---- | M] () -- C:\ads_err.adi[2013/08/03 13:02:33 | 000,911,684 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/08/03 13:02:33 | 000,755,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/08/03 13:02:33 | 000,156,260 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/07/31 19:04:30 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 2.1.lnk[2013/07/22 17:13:49 | 000,001,127 | ---- | M] () -- C:\Users\Marjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk[2013/07/22 17:03:58 | 000,000,932 | ---- | M] () -- C:\Users\Marjan\Desktop\Evernote.lnk[2013/07/19 16:05:25 | 006,422,528 | ---- | M] () -- C:\Users\Marjan\Documents\Practice.mp.nvp[2013/07/19 13:49:28 | 004,194,304 | ---- | M] () -- C:\Users\Marjan\Documents\Marjan's Test Project.nvp[2013/07/19 10:14:31 | 000,419,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/07/19 04:22:20 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\QSR NVivo 10.lnk[2013/07/15 11:26:54 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/07/15 11:26:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[3 C:\Users\Marjan\Desktop\*.tmp files -> C:\Users\Marjan\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/08/07 14:40:47 | 000,666,633 | ---- | C] () -- C:\Users\Marjan\Desktop\AdwCleaner.exe[2013/08/07 02:41:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/08/07 02:24:14 | 000,891,098 | ---- | C] () -- C:\Users\Marjan\Desktop\SecurityCheck.exe[2013/08/07 02:05:31 | 000,256,000 | ---- | C] () -- 
C:\Windows\PEV.exe[2013/08/07 02:05:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2013/08/07 02:05:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2013/08/07 02:05:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2013/08/07 02:05:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2013/08/07 01:51:05 | 013,399,154 | ---- | C] () -- C:\Users\Marjan\Desktop\mbar-1.06.0.1004.zip[2013/08/06 20:51:18 | 000,267,776 | ---- | C] () -- C:\Users\Marjan\AppData\Local\xUtgombQJ[2013/08/06 20:51:18 | 000,267,776 | ---- | C] () -- C:\ProgramData\oC4C9VxNeom[2013/08/06 20:51:18 | 000,267,776 | ---- | C] () -- C:\Users\Marjan\AppData\Roaming\Bsz1oXVEMxW[2013/08/04 04:24:17 | 000,014,949 | ---- | C] () -- C:\ads_err.adt[2013/08/04 04:24:17 | 000,004,554 | ---- | C] () -- C:\ads_err.adm[2013/08/04 04:24:17 | 000,003,072 | ---- | C] () -- C:\ads_err.adi[2013/07/31 19:04:30 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 2.1.lnk[2013/07/22 17:13:49 | 000,001,127 | ---- | C] () -- C:\Users\Marjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk[2013/07/22 17:03:58 | 000,000,932 | ---- | C] () -- C:\Users\Marjan\Desktop\Evernote.lnk[2013/07/19 15:33:59 | 006,422,528 | ---- | C] () -- C:\Users\Marjan\Documents\Practice.mp.nvp[2013/07/19 11:21:26 | 004,194,304 | ---- | C] () -- C:\Users\Marjan\Documents\Marjan's Test Project.nvp[2013/07/19 04:22:20 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\QSR NVivo 10.lnk[2013/06/15 00:20:25 | 000,000,005 | ---- | C] () -- C:\Users\Marjan\AppData\Roaming\WBPU-TTL.DAT[2013/02/20 16:53:20 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini[2013/02/20 16:53:20 | 000,000,064 | ---- | C] () -- C:\Windows\brpcfx.ini[2013/02/20 16:51:25 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini[2013/02/20 16:51:21 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat[2013/01/20 08:41:51 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Pop Flute[2013/01/20 08:41:51 
| 000,000,268 | RH-- | C] () -- C:\Users\Marjan\AppData\Roaming\Plug-In Settings[2013/01/20 08:41:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT[2012/05/07 18:15:08 | 000,059,232 | ---- | C] () -- C:\Windows\SysWow64\CNC990W.DAT[2012/02/07 15:28:10 | 000,000,336 | ---- | C] () -- C:\Windows\BRCALIB.INI[2011/12/29 00:50:47 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat[2011/12/28 11:16:22 | 000,819,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2011/12/28 09:36:39 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll[2011/12/28 09:36:39 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll[2011/12/27 15:43:23 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll[2011/12/27 15:28:15 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe[2011/12/27 15:20:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2011/09/26 19:23:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft 
Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  5. Sorry for the omission; I must plead 3am fatigue. Here is the ComboFix log:

ComboFix 13-08-05.03 - Marjan 08/07/2013 2:07.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8149.6062 [GMT -4:00]
Running from: c:\users\Marjan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marjan\g2mdlhlpx.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\instsrv.exe
c:\windows\SysWow64\SET3F71.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-07-07 to 2013-08-07 )))))))))))))))))))))))))))))))
.
.
2013-08-07 05:56 . 2013-08-07 05:56 -------- d-----w- C:\FRST
2013-08-07 05:53 . 2013-08-07 06:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-07 00:51 . 2013-08-07 09:39 -------- d-----w- c:\users\Marjan\AppData\Local\7zh41ioRd
2013-08-06 23:01 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72C444F3-D993-42BE-B7BD-92F7155E87E4}\mpengine.dll
2013-08-04 18:42 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-04 08:24 . 2013-08-04 08:24 -------- d-----w- c:\users\Marjan\AppData\Roaming\XCPCSync.OEM
2013-07-31 22:38 . 2013-07-31 22:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-07-31 22:38 . 2009-06-16 15:36 92672 ----a-w- c:\windows\system32\CNC860I.DLL
2013-07-31 22:38 . 2009-02-19 17:20 299520 ----a-w- c:\windows\system32\CNC860L.DLL
2013-07-31 22:38 . 2008-07-16 13:39 235008 ----a-w- c:\windows\system32\CNC860O.DLL
2013-07-31 22:38 . 
2009-06-16 15:37 1342976 ----a-w- c:\windows\system32\CNC860C.DLL2013-07-31 22:37 . 2008-09-11 13:40 131584 ----a-w- c:\windows\system32\CNC860Z.DLL2013-07-31 22:37 . 2008-09-11 13:39 244736 ----a-w- c:\windows\system32\CNMIU9N.DLL2013-07-31 22:37 . 2013-07-31 22:37 -------- d--h--w- c:\program files\CanonBJ2013-07-31 21:33 . 2013-07-31 23:10 -------- d--h--w- c:\programdata\CanonIJScan2013-07-28 15:49 . 2012-08-30 15:18 152064 ----a-w- c:\windows\system32\CNMN6UI.DLL2013-07-28 15:49 . 2012-08-30 15:18 252416 ----a-w- c:\windows\system32\CNMN6PPM.DLL2013-07-28 15:49 . 2012-08-30 15:15 366080 ----a-w- c:\windows\SysWow64\CNMNPPM.DLL2013-07-22 21:04 . 2013-07-22 21:04 -------- d-----w- c:\users\Marjan\AppData\Local\Evernote2013-07-22 21:03 . 2013-07-22 21:03 -------- d-----w- c:\program files (x86)\Evernote2013-07-19 08:29 . 2013-07-19 08:29 -------- d-----w- c:\users\Marjan\AppData\Local\IsolatedStorage2013-07-19 08:27 . 2013-07-19 08:27 -------- d-----w- c:\users\Marjan\AppData\Roaming\QSR_International2013-07-19 08:22 . 2013-07-19 08:21 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C66D362-92B9-46FB-A38E-F0DFC7277711}\gapaengine.dll2013-07-19 08:22 . 2013-07-19 08:22 -------- d-----w- c:\programdata\QSR2013-07-19 08:22 . 2013-07-19 08:22 -------- d-----w- c:\program files\QSR2013-07-19 08:20 . 2013-07-19 08:21 -------- d-----w- c:\program files (x86)\QSR2013-07-19 08:18 . 2012-06-29 05:22 57288 ----a-w- c:\windows\SysWow64\perf-MSSQL10_50.QSRNVIVO10-sqlagtctr.dll2013-07-19 08:18 . 2012-06-29 05:17 86984 ----a-w- c:\windows\system32\perf-MSSQL10_50.QSRNVIVO10-sqlagtctr.dll2013-07-19 08:18 . 2012-06-29 05:22 82888 ----a-w- c:\windows\SysWow64\perf-MSSQL$QSRNVIVO10-sqlctr10.52.4000.0.dll2013-07-19 08:18 . 2012-06-29 05:17 88520 ----a-w- c:\windows\system32\perf-MSSQL$QSRNVIVO10-sqlctr10.52.4000.0.dll2013-07-19 08:17 . 2013-07-19 08:17 -------- d-----w- c:\windows\system32\RsFx2013-07-19 08:17 . 
2013-07-19 08:17 -------- d-----w- c:\program files\Microsoft Visual Studio 9.02013-07-19 08:16 . 2013-07-19 08:16 -------- d-----w- c:\program files\Microsoft.NET2013-07-11 22:48 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll2013-07-11 22:48 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll2013-07-11 22:48 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll2013-07-11 22:48 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll2013-07-11 22:48 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll2013-07-11 22:48 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll2013-07-11 22:48 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll2013-07-11 22:48 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll2013-07-11 22:48 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll2013-07-11 22:48 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-11 22:48 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL2013-07-11 22:44 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys2013-07-11 22:43 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2013-07-11 22:43 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll2013-07-11 22:43 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll2013-07-11 22:43 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll2013-07-11 22:43 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-07-11 22:43 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll2013-07-11 22:43 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll2013-07-09 03:59 . 
2013-07-09 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll2013-07-09 03:59 . 2013-07-09 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll2013-07-09 03:59 . 2013-07-09 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll2013-07-09 03:59 . 2013-07-09 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll2013-07-09 03:59 . 2013-07-09 03:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll2013-07-09 03:59 . 2013-07-09 03:59 -------- d-----w- c:\program files (x86)\QuickTime...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-12 11:50 . 2012-07-20 00:43 78185248 ----a-w- c:\windows\system32\MRT.exe2013-06-21 07:51 . 2013-03-12 15:27 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-06-12 18:27 . 2012-08-09 23:54 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-06-12 18:27 . 2011-12-28 16:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-05-13 05:51 . 2013-06-12 17:55 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-05-13 05:51 . 2013-06-12 17:56 1464320 ----a-w- c:\windows\system32\crypt32.dll2013-05-13 05:51 . 2013-06-12 17:55 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-05-13 05:50 . 2013-06-12 17:55 52224 ----a-w- c:\windows\system32\certenc.dll2013-05-13 04:45 . 2013-06-12 17:56 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll2013-05-13 04:45 . 2013-06-12 17:55 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-05-13 04:45 . 2013-06-12 17:55 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-05-13 03:43 . 2013-06-12 17:56 1192448 ----a-w- c:\windows\system32\certutil.exe2013-05-13 03:08 . 2013-06-12 17:56 903168 ----a-w- c:\windows\SysWow64\certutil.exe2013-05-13 03:08 . 2013-06-12 17:55 43008 ----a-w- c:\windows\SysWow64\certenc.dll2013-05-10 05:49 . 
2013-06-12 17:56 30720 ----a-w- c:\windows\system32\cryptdlg.dll2013-05-10 03:20 . 2013-06-12 17:56 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\Marjan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\Marjan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 130736 ----a-w- c:\users\Marjan\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AnyTime Organizer"="c:\program files (x86)\AnyTime Organizer Deluxe\AtDem.exe" [2007-11-21 65536]"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2013-05-24 6154008]"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host 
Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]"AnySync"="c:\program files (x86)\AnySync\SyncLauncher.exe" [2011-03-21 41984]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]"Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-02-02 874624]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-27 343168]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2010-01-19 124256].c:\users\Marjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-5-22 1089888].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"DisableCAD"= 1 (0x1)"EnableLinkedConnections"= 1 
(0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0153.sys [x]R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]R4 SQLAgent$QSRNVIVO10;SQL Server Agent (QSRNVIVO10);c:\program files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\SQLAGENT.EXE [x]S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]S2 AESTFilters;Andrea ST Filters Service;c:\program 
files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [x]S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [x]S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]S2 MSSQL$QSRNVIVO10;SQL Server (QSRNVIVO10);c:\program files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe [x]S2 
O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [x]S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys;c:\windows\SYSNATIVE\DRIVERS\accelern.sys [x]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-08-01 02:31 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' 
folder.2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 18:27].2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 09:25].2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-31 09:25]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Marjan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Marjan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Marjan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-04-04 22:12 164016 ----a-w- c:\users\Marjan\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]2011-05-27 22:46 139128 ----a-w- c:\program 
files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-12-04 196648]"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-12-04 485416]"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-07 525312]"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0IE: NCapture for NVivo - c:\program files (x86)\QSR\NCapture\Internet Explorer\QSR.NCapture.IE.Resources.dll/101IE: New Note 
- c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlIE: {{b9c5d5a9-2b89-427d-bb30-32f567eaa60d} - {b9c5d5a9-2b89-427d-bb30-32f567eaa60d} - mscoree.dllTCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-atr.exe - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) 
(Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exec:\program files (x86)\McAfee\Common Framework\FrameworkService.exec:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exec:\program files (x86)\McAfee\Common Framework\naPrdMgr.exec:\windows\system32\DRIVERS\o2flash.exec:\windows\sysWOW64\SDIOAssist.exec:\program files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\php-cgi.exec:\program files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exec:\program files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2013-08-07 02:18:19 - machine was rebootedComboFix-quarantined-files.txt 2013-08-07 06:18.Pre-Run: 398,592,262,144 bytes freePost-Run: 397,925,982,208 bytes free.- - End Of File - - 2FC54B31E052F108952BDB1AFD12F50AA36C5E4F47E84449FF07ED3517B43A31 Please advise next steps.
  6. Okay: TDSSKiller did not find anything so no logfile popped up. MBAR - also nothing detected:

mbar-log.tx

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.08.07.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Marjan :: MARJAN-PC [administrator]

8/7/2013 1:53:06 AM
mbar-log-2013-08-07 (01-53-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 252094
Time elapsed: 8 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

MBAR system-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16635

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8544776192, free: 6432505856

Downloaded database version: v2013.08.07.02
Downloaded database version: v2013.08.06.01
Initializing...
------------ Kernel report ------------
     08/07/2013 01:53:03
------------ Loaded modules
-----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\vmbus.sys\SystemRoot\system32\drivers\winhv.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\DRIVERS\MpFilter.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\vmstorfl.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\system32\DRIVERS\stdcfltn.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\system32\DRIVERS\sbp2port.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\PBADRV.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\system32\drivers\mfehidk.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\Sy
stemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\mfetdik.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\system32\drivers\csc.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\atikmpag.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\DRIVERS\e1c62x64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\NETwNs64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\nusb3xhc.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\1394ohci.sys\SystemRoot\system32\DRIVERS\o2sdjw7x64.sys\SystemRoot\system32\DRIVERS\SCSIPORT.SYS\SystemRoot\system32\DRIVERS\O2MDRw7x64.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\kb
dclass.sys\SystemRoot\system32\DRIVERS\parport.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\accelern.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\serscan.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\nusb3hub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtihdW76.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\stwrt64.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_dumpata.sys\SystemRoot\System32\Drivers\dump_msahci.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\cvusbdrv.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\sy
stem32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\drivers\mfeapfk.sys\SystemRoot\system32\drivers\mfeavfk.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\WinUsb.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\System32\DRIVERS\scfilter.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\rpcrt4.dll\Windows\System32\nsi.dll\Windows\System32\ws2_32.dll\Windows\System32\lpk.dll\Windows\System32\oleaut32.dll\Windows\System32\shlwapi.dll\Windows\System32\psapi.dll\Windows\System32\ole32.dll\Windows\System32\difxapi.dll\Windows\System32\kernel32.dll\Windows\System32\msvcrt.dll\Windows\System32\comdlg32.dll\Windows\System32\imagehlp.dll\Windows\System32\normaliz.dll\Windows\System32\clbcatq.dll\Windows\System32\urlmon.dll\Windows\System32\shell32.dll\Windows\System32\user32.dll\Windows\System32\wininet.dll\Windows\System32\iertutil.dll\Windows\System32\usp10.dll\Windows\System32\Wldap32.dll\Windows\System32\advapi32.dll\Windows\System32\gdi32.dll\Windows\System32\msctf.dll\Windows\System32\setupapi.dll\Windows\System32\sechost.dll\Windows\System32\imm32.dll\Windows\System32\comctl32.dll\Windows\System32\cfgmgr32.dll\Windows\System32\devobj.dll\Windows\System32\wintrust.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\api-ms-win-down
level-shlwapi-l1-1-0.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8007a27060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\Lower Device Object: 0xfffffa80077f6060Lower Device Driver Name: \Driver\atapi\<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8007a27060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007a27b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8007a27060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8007914cb0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\DevicePointer: 0xfffffa80077f6060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 4042CAB4 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. 
Partition starts at LBA: 206848 Numsec = 976564224 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished Security Check checkup.txt Results of screen317's Security Check version 0.99.71 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 33 Java version out of Date! Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe McAfee VirusScan Enterprise x64 EngineServer.exe McAfee VirusScan Enterprise shstat.exe McAfee VirusScan Enterprise VsTskMgr.exe McAfee VirusScan Enterprise x64 McShield.exe McAfee VirusScan Enterprise x64 mfeann.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` In terms of how my system is running - seems on track with before the virus hit. However, I do have an awful lot of stuff running in the background and I am not sure what I can safely eliminate without causing problems. Any ideas? 
Also, do I need to delete/uninstall all these antivirus tools (e.g., MBAR) now?
  7. Thank You! Looks like I am able to log in normally. Here is the FRST Fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-08-2013
Ran by SYSTEM at 2013-08-07 01:39:16 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

HKU\Marjan\Software\Microsoft\Windows\CurrentVersion\Run\\0EnIeGij.exe => Value deleted successfully.
HKU\Marjan\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Marjan\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\Marjan\AppData\Local\7zh41ioRd\0EnIeGij.exe => Moved successfully.
C:\Users\Marjan\GoToAssistDownloadHelper.exe => Moved successfully.

==== End of Fixlog ====

What is next?
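The fix log above removed four things that the FRST.txt in the post below it had flagged: a per-user Run value pointing into a random-named AppData folder, a Winlogon Shell value of cmd.exe, a Command Processor AutoRun pointing at the same executable (AutoRun fires every time cmd.exe starts, so with cmd.exe as the shell the payload relaunches at every logon), and an empty Run value. The script below is an added example, not FRST's own code and not the poster's: it parses FRST-style autostart lines and reports those indicators, plus any LSA authentication package beyond msv1_0. The sample input is constructed from lines of that log; the severities, the user-writable-location heuristic, and the rule names are my own choices. An extra LSA package is only a "verify" finding, not a verdict: the wvauth entry on this machine most likely belongs to the Wave Systems software that the same log lists as a service, which is an inference, not something the thread states.

```python
"""Triage FRST autostart lines for the persistence indicators seen in this thread.
Added example; the rules and severities are the author's choices, not FRST's."""
import re

# Constructed sample input: lines condensed from the FRST.txt posted in this
# thread (paths and publisher strings as shown there), not a complete log.
SAMPLE_FRST = r"""
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [atr.exe] - [x]
HKLM-x32\...\Run: [] - [x]
HKU\Marjan\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Marjan\...\Run: [0EnIeGij.exe] - C:\Users\Marjan\AppData\Local\7zh41ioRd\0EnIeGij.exe [58880 2013-08-06] (Hkhxv)
HKU\Marjan\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Marjan\...\Command Processor: "C:\Users\Marjan\AppData\Local\7zh41ioRd\0EnIeGij.exe" <===== ATTENTION!
Lsa: [Authentication Packages] msv1_0 wvauth
"""

# FRST writes "<hive>\...\Run: [value name] - <target> [size date] (publisher)";
# "[x]" as the target means the file no longer exists.
_RUN = re.compile(r'^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<rest>.*)$')
_TARGET = re.compile(r'^(?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\](?: \((?P<pub>[^)]*)\))?')
_WINLOGON = re.compile(r'^(?P<hive>\S+?)\\\.\.\.\\Winlogon: \[(?P<value>\w+)\] (?P<data>.*)$')
_CMDPROC = re.compile(r'^(?P<hive>\S+?)\\\.\.\.\\Command Processor: (?P<data>.*)$')
_LSA = re.compile(r'^Lsa: \[Authentication Packages\] (?P<pkgs>.*)$')
# Folders a standard user can write to. A Run value launching from here is
# worth a look whatever the publisher string says (heuristic, my choice).
_USER_WRITABLE = re.compile(r'\\(AppData|ProgramData|Users\\Public|Temp)\\', re.I)


def user_writable(path):
    """True when the path sits under a location a non-admin user can write to."""
    return bool(_USER_WRITABLE.search(path))


def triage(frst_text):
    """Return a list of {'severity', 'reason', 'line'} findings, in log order."""
    findings = []

    def add(severity, reason, line):
        findings.append({'severity': severity, 'reason': reason, 'line': line})

    for line in frst_text.splitlines():
        line = line.strip()
        if not line:
            continue

        m = _RUN.match(line)
        if m:
            rest = m.group('rest')
            if rest.startswith('[x]'):
                # Orphaned autostart: the value survives, the file is gone.
                add('LOW', "Run value '%s' points to a missing file (orphaned autostart)" % m.group('name'), line)
                continue
            t = _TARGET.match(rest)
            path = t.group('path') if t else rest
            publisher = (t.group('pub') or '') if t else ''
            if user_writable(path):
                add('MEDIUM', 'Run value launches from user-writable location (publisher: %s)' % (publisher or 'none'), line)
            continue

        m = _WINLOGON.match(line)
        if m and m.group('value').lower() == 'shell':
            shell = m.group('data').split()[0]
            if shell.lower() != 'explorer.exe':   # the only default for Shell
                add('HIGH', 'Winlogon Shell replaced with %s' % shell, line)
            continue

        if _CMDPROC.match(line):
            # No AutoRun value exists by default; any value runs on every cmd.exe start.
            add('HIGH', 'cmd.exe AutoRun set (runs on every cmd.exe start, including a cmd.exe Winlogon shell)', line)
            continue

        m = _LSA.match(line)
        if m:
            extra = [p for p in m.group('pkgs').split() if p.lower() != 'msv1_0' and not p.startswith('<')]
            if extra:
                add('MEDIUM', 'non-default LSA authentication package(s) to verify: ' + ', '.join(extra), line)

    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_FRST):
        print('[%s] %s\n    %s' % (f['severity'], f['reason'], f['line']))
```

Run against the sample, the two HIGH findings are the Winlogon Shell and the Command Processor AutoRun, the AppData Run value is MEDIUM, the two `[x]` values are LOW, and the entries under Program Files produce nothing; that ordering is the same one a human analyst would use to decide what goes into an FRST fixlist first.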
  8. Hello: Need some help getting rid of this virus ASAP. Ran FRST on the infected laptop via a flash drive. Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013
Ran by SYSTEM on 06-08-2013 21:56:28
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-12-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [485416 2009-12-04] (ActivIdentity)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [intelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1934608 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [MFNetworkScanUtility] - C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-06] (IDT, Inc.)
HKLM\...\Run: [TdmNotify] - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2008-03-14] (McAfee, Inc.)
HKLM-x32\...\Run: [shStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2008-09-29] (McAfee, Inc.)
HKLM-x32\...\Run: [atr.exe] - [x]
HKLM-x32\...\Run: [AnySync] - C:\Program Files (x86)\AnySync\SyncLauncher.exe [41984 2011-03-21] (iAnywhere Solutions, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Genie TimeLine Tray] - C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe [874624 2011-02-02] (Genie-soft)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-04-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124256 2010-01-18] (CANON INC.)
HKU\Marjan\...\Run: [AnyTime Organizer] - C:\Program Files (x86)\AnyTime Organizer Deluxe\AtDem.exe [65536 2007-11-21] (Individual Software, Inc.)
HKU\Marjan\...\Run: [CCleaner] - C:\Program Files\CCleaner\CCleaner64.exe [6154008 2013-05-24] (Piriform Ltd)
HKU\Marjan\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Marjan\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Marjan\...\Run: [0EnIeGij.exe] - C:\Users\Marjan\AppData\Local\7zh41ioRd\0EnIeGij.exe [58880 2013-08-06] (Hkhxv)
HKU\Marjan\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Marjan\...\Command Processor: "C:\Users\Marjan\AppData\Local\7zh41ioRd\0EnIeGij.exe" <===== ATTENTION!
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\Marjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Services (Whitelisted) =================

S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [5873840 2011-03-18] (CANON INC.)
S2 GenieTimelineService; C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [468096 2011-02-02] (Genie-Soft)
S2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [17920 2008-09-29] (McAfee, Inc.)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2008-03-14] (McAfee, Inc.)
S2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [175072 2008-09-29] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [62800 2008-09-29] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [75656 2008-09-29] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S2 MSSQL$QSRNVIVO10; c:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe [62218696 2012-06-28] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$QSRNVIVO10; c:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-28] (Microsoft Corporation)
S2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
S2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [96016 2008-09-29] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [118688 2008-09-29] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [465792 2008-09-29] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [75800 2008-09-29] (McAfee, Inc.)
S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [82504 2008-09-29] (McAfee, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-28] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-06 21:56 - 2013-08-06 21:56 - 00000000 ____D C:\FRST
2013-08-06 16:51 - 2013-08-06 17:01 - 00000000 ____D C:\Users\Marjan\AppData\Local\7zh41ioRd
2013-08-06 16:51 - 2013-08-06 16:51 - 00267776 _____ C:\Users\Marjan\AppData\Roaming\Bsz1oXVEMxW
2013-08-06 16:51 - 2013-08-06 16:51 - 00267776 _____ C:\Users\Marjan\AppData\Local\xUtgombQJ
2013-08-06 16:51 - 2013-08-06 16:51 - 00267776 _____ C:\ProgramData\oC4C9VxNeom
2013-08-06 14:41 - 2013-08-06 16:52 - 00000168 _____ C:\Windows\setupact.log
2013-08-06 14:41 - 2013-08-06 14:41 - 00000000 _____ C:\Windows\setuperr.log
2013-08-04 00:24 - 2013-08-04 00:33 - 00014949 _____ C:\ads_err.adt
2013-08-04 00:24 - 2013-08-04 00:24 - 00004554 _____ C:\ads_err.adm
2013-08-04 00:24 - 2013-08-04 00:24 - 00003072 _____ C:\ads_err.adi
2013-08-04 00:24 - 2013-08-04 00:24 - 00000000 ____D C:\Users\Marjan\AppData\Roaming\XCPCSync.OEM
2013-08-03 13:01 - 2013-08-03 14:22 - 00000000 ____D C:\Users\Marjan\Desktop\MPS Student Handbook
2013-08-03 10:29 - 2013-08-05 07:33 - 00000000 ____D C:\Users\Marjan\Desktop\MPS Website August 2013
2013-08-02 08:47 - 2013-08-06 17:04 - 00483888 _____ C:\Windows\WindowsUpdate.log
2013-07-31 15:04 - 2013-07-31 15:04 - 00002095 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 2.1.lnk
2013-07-31 14:38 - 2013-07-31 14:38 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-07-31 14:38 - 2009-06-16 07:37 - 01342976 _____ (CANON INC.) C:\Windows\System32\CNC860C.DLL
2013-07-31 14:38 - 2009-06-16 07:36 - 00092672 _____ (CANON INC.)
C:\Windows\System32\CNC860I.DLL 2013-07-31 14:38 - 2009-02-19 09:20 - 00299520 _____ (CANON INC.) C:\Windows\System32\CNC860L.DLL 2013-07-31 14:38 - 2008-07-16 05:39 - 00235008 _____ (Canon Inc.) C:\Windows\System32\CNC860O.DLL 2013-07-31 14:37 - 2013-07-31 14:37 - 00000000 ___HD C:\Program Files\CanonBJ 2013-07-31 14:37 - 2008-09-11 05:40 - 00131584 _____ (CANON INC.) C:\Windows\System32\CNC860Z.DLL 2013-07-31 14:37 - 2008-09-11 05:39 - 00244736 _____ (CANON INC.) C:\Windows\System32\CNMIU9N.DLL 2013-07-31 13:33 - 2013-07-31 15:10 - 00000000 ___HD C:\ProgramData\CanonIJScan 2013-07-28 07:49 - 2012-08-30 07:18 - 00252416 _____ (CANON INC.) C:\Windows\System32\CNMN6PPM.DLL 2013-07-28 07:49 - 2012-08-30 07:18 - 00152064 _____ (CANON INC.) C:\Windows\System32\CNMN6UI.DLL 2013-07-28 07:49 - 2012-08-30 07:15 - 00366080 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL 2013-07-22 13:04 - 2013-07-22 13:04 - 00000000 ____D C:\Users\Marjan\AppData\Local\Evernote 2013-07-22 13:03 - 2013-07-22 13:03 - 00000932 _____ C:\Users\Marjan\Desktop\Evernote.lnk 2013-07-22 13:03 - 2013-07-22 13:03 - 00000000 ____D C:\Program Files (x86)\Evernote 2013-07-19 11:33 - 2013-07-19 12:05 - 06422528 _____ C:\Users\Marjan\Documents\Practice.mp.nvp 2013-07-19 11:29 - 2013-07-19 11:29 - 00000000 ____D C:\Users\Marjan\Desktop\Sample Project Data 2013-07-19 07:21 - 2013-07-19 09:49 - 04194304 _____ C:\Users\Marjan\Documents\Marjan's Test Project.nvp 2013-07-19 00:29 - 2013-07-19 00:29 - 00000000 ____D C:\Users\Marjan\AppData\Local\IsolatedStorage 2013-07-19 00:27 - 2013-07-19 00:27 - 00000000 ____D C:\Users\Marjan\AppData\Roaming\QSR_International 2013-07-19 00:22 - 2013-07-19 09:50 - 00000000 ____D C:\Users\Public\Documents\NVivo 10 Samples 2013-07-19 00:22 - 2013-07-19 00:22 - 00001924 _____ C:\Users\Public\Desktop\QSR NVivo 10.lnk 2013-07-19 00:22 - 2013-07-19 00:22 - 00000000 ____D C:\ProgramData\QSR 2013-07-19 00:22 - 2013-07-19 00:22 - 00000000 ____D C:\Program Files\QSR 2013-07-19 00:20 - 
2013-07-19 00:21 - 00000000 ____D C:\Program Files (x86)\QSR 2013-07-19 00:18 - 2012-06-28 21:22 - 00082888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$QSRNVIVO10-sqlctr10.52.4000.0.dll 2013-07-19 00:18 - 2012-06-28 21:22 - 00057288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.QSRNVIVO10-sqlagtctr.dll 2013-07-19 00:18 - 2012-06-28 21:17 - 00088520 _____ (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$QSRNVIVO10-sqlctr10.52.4000.0.dll 2013-07-19 00:18 - 2012-06-28 21:17 - 00086984 _____ (Microsoft Corporation) C:\Windows\System32\perf-MSSQL10_50.QSRNVIVO10-sqlagtctr.dll 2013-07-19 00:17 - 2013-07-19 00:17 - 00000000 ____D C:\Windows\System32\RsFx 2013-07-19 00:17 - 2013-07-19 00:17 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0 2013-07-12 03:49 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-12 03:49 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-12 03:49 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-12 03:49 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-12 03:49 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-12 03:49 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-12 03:49 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-12 03:49 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-12 03:49 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-12 03:49 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-12 03:49 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 
2013-07-12 03:49 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 03:49 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 03:49 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-12 03:49 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-12 03:49 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-12 03:49 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-12 03:49 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-12 03:49 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-12 03:49 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-12 03:49 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-12 03:49 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-12 03:49 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-12 03:49 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-12 03:49 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-12 03:49 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-12 03:49 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-12 03:49 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 03:49 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-12 03:49 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-12 03:49 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 14:48 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-11 14:48 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 14:48 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-11 14:48 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 14:44 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-11 14:43 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 14:43 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-08 19:59 - 2013-07-08 19:59 - 00000000 ____D C:\Program Files (x86)\QuickTime

==================== One Month Modified Files and Folders =======

2013-08-06 17:04 - 2013-08-02 08:47 - 00483888 _____ C:\Windows\WindowsUpdate.log
2013-08-06 17:01 - 2013-08-06 16:51 - 00000000 ____D C:\Users\Marjan\AppData\Local\7zh41ioRd
2013-08-06 17:00 - 2009-07-13 20:45 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 17:00 - 2009-07-13 20:45 - 00014256 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 16:52 - 2013-08-06 14:41 - 00000168 _____ C:\Windows\setupact.log
2013-08-06 16:52 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 16:51 - 2013-08-06 16:51 - 00267776 _____ C:\Users\Marjan\AppData\Roaming\Bsz1oXVEMxW
2013-08-06 16:51 - 2013-08-06 16:51 - 00267776 _____ C:\Users\Marjan\AppData\Local\xUtgombQJ
2013-08-06 16:51 - 2013-08-06 16:51 - 00267776 _____ C:\ProgramData\oC4C9VxNeom
2013-08-06 16:27 - 2012-08-09 15:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 14:41 - 2013-08-06 14:41 - 00000000 _____ C:\Windows\setuperr.log
2013-08-05 07:33 - 2013-08-03 10:29 - 00000000 ____D C:\Users\Marjan\Desktop\MPS Website August 2013
2013-08-05 07:11 - 2013-04-09 08:51 - 00000000 ____D C:\Users\Marjan\Desktop\PACT April 2013_Setup
2013-08-04 00:33 - 2013-08-04 00:24 - 00014949 _____ C:\ads_err.adt
2013-08-04 00:24 - 2013-08-04 00:24 - 00004554 _____ C:\ads_err.adm
2013-08-04 00:24 - 2013-08-04 00:24 - 00003072 _____ C:\ads_err.adi
2013-08-04 00:24 - 2013-08-04 00:24 - 00000000 ____D C:\Users\Marjan\AppData\Roaming\XCPCSync.OEM
2013-08-04 00:22 - 2011-12-31 06:37 - 00000000 ____D C:\Program Files (x86)\AnyTime Organizer Deluxe
2013-08-03 14:22 - 2013-08-03 13:01 - 00000000 ____D C:\Users\Marjan\Desktop\MPS Student Handbook
2013-08-03 09:02 - 2009-07-13 21:13 - 00911684 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-31 15:10 - 2013-07-31 13:33 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-07-31 15:10 - 2012-06-03 12:39 - 00000000 ____D C:\Users\Marjan\AppData\Roaming\Canon
2013-07-31 15:04 - 2013-07-31 15:04 - 00002095 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 2.1.lnk
2013-07-31 15:04 - 2011-12-28 07:00 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-31 14:38 - 2013-07-31 14:38 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-07-31 14:37 - 2013-07-31 14:37 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-31 13:07 - 2011-12-28 19:57 - 00000000 ____D C:\Users\Marjan\AppData\Roaming\Skype
2013-07-28 07:33 - 2012-07-23 17:34 - 00000000 ____D C:\Users\Marjan\Desktop\Papers (Active)
2013-07-22 13:04 - 2013-07-22 13:04 - 00000000 ____D C:\Users\Marjan\AppData\Local\Evernote
2013-07-22 13:03 - 2013-07-22 13:03 - 00000932 _____ C:\Users\Marjan\Desktop\Evernote.lnk
2013-07-22 13:03 - 2013-07-22 13:03 - 00000000 ____D C:\Program Files (x86)\Evernote
2013-07-19 12:05 - 2013-07-19 11:33 - 06422528 _____ C:\Users\Marjan\Documents\Practice.mp.nvp
2013-07-19 11:29 - 2013-07-19 11:29 - 00000000 ____D C:\Users\Marjan\Desktop\Sample Project Data
2013-07-19 09:50 - 2013-07-19 00:22 - 00000000 ____D C:\Users\Public\Documents\NVivo 10 Samples
2013-07-19 09:49 - 2013-07-19 07:21 - 04194304 _____ C:\Users\Marjan\Documents\Marjan's Test Project.nvp
2013-07-19 06:24 - 2013-03-13 20:54 - 00000000 ____D C:\Users\Marjan\Desktop\NATO 2013 Updated July
2013-07-19 06:14 - 2009-07-13 20:45 - 00419632 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-19 00:29 - 2013-07-19 00:29 - 00000000 ____D C:\Users\Marjan\AppData\Local\IsolatedStorage
2013-07-19 00:27 - 2013-07-19 00:27 - 00000000 ____D C:\Users\Marjan\AppData\Roaming\QSR_International
2013-07-19 00:27 - 2011-12-27 14:14 - 00110288 _____ C:\Users\Marjan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-19 00:22 - 2013-07-19 00:22 - 00001924 _____ C:\Users\Public\Desktop\QSR NVivo 10.lnk
2013-07-19 00:22 - 2013-07-19 00:22 - 00000000 ____D C:\ProgramData\QSR
2013-07-19 00:22 - 2013-07-19 00:22 - 00000000 ____D C:\Program Files\QSR
2013-07-19 00:21 - 2013-07-19 00:20 - 00000000 ____D C:\Program Files (x86)\QSR
2013-07-19 00:17 - 2013-07-19 00:17 - 00000000 ____D C:\Windows\System32\RsFx
2013-07-19 00:17 - 2013-07-19 00:17 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-07-19 00:17 - 2011-12-28 07:13 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-07-19 00:17 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-19 00:15 - 2011-12-28 07:13 - 00000000 ____D C:\Windows\SysWOW64\1033
2013-07-19 00:15 - 2011-12-28 07:13 - 00000000 ____D C:\Windows\System32\1033
2013-07-19 00:15 - 2011-12-28 07:00 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2013-07-17 08:00 - 2011-12-27 14:15 - 00000000 ____D C:\Users\Marjan\AppData\Local\Citrix
2013-07-16 16:40 - 2011-12-28 09:01 - 00000000 ____D C:\Users\Marjan\Documents\Marjan 2013 Files
2013-07-15 07:26 - 2012-08-31 01:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 07:26 - 2012-08-31 01:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-14 14:56 - 2011-12-27 13:26 - 00000000 ____D C:\Windows\Panther
2013-07-14 14:54 - 2012-08-31 01:25 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-14 14:54 - 2012-08-31 01:25 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 11:49 - 2009-07-13 23:47 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 11:49 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 11:49 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 03:54 - 2011-12-28 06:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 03:50 - 2012-07-19 16:43 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-08 20:00 - 2011-12-28 19:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-08 20:00 - 2011-12-28 19:57 - 00000000 ____D C:\ProgramData\Skype
2013-07-08 19:59 - 2013-07-08 19:59 - 00000000 ____D C:\Program Files (x86)\QuickTime

Files to move or delete:
====================
C:\Users\Marjan\AppData\Local\7zh41ioRd\0EnIeGij.exe
C:\Users\Marjan\GoToAssistDownloadHelper.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-16 14:26:18
Restore point made on: 2013-07-19 00:21:37
Restore point made on: 2013-07-21 10:33:21
Restore point made on: 2013-07-22 13:03:48
Restore point made on: 2013-07-24 14:32:07
Restore point made on: 2013-07-28 07:01:43
Restore point made on: 2013-08-01 10:10:55
Restore point made on: 2013-08-04 10:41:55

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 8148.93 MB
Available physical RAM: 7086.31 MB
Total Pagefile: 8147.08 MB
Available Pagefile: 7076.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:371.47 GB) NTFS (Disk=0 Partition=2)
Drive f: () (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4042CAB4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 983 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=983 MB) - (Type=0E)

LastRegBack: 2013-08-02 17:12

==================== End Of Log ============================

Please advise next steps
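A first triage pass over a listing like the one above, as an added example that is neither part of the post nor FRST's own code. It parses the entry layout visible in the log (sort date, second date, 8-digit size, 5-character attribute field, optional company string, path) and applies two heuristics: random-looking names under AppData or ProgramData with no version-resource company, and non-empty files that share both timestamps and the exact size while sitting in different folders. On the sample lines, which are copied from the posted log, the first rule surfaces the 7zh41ioRd folder and two of the three 267776-byte files, and the second rule recovers the third one (xUtgombQJ) that the name rule misses, which is the reason to run both. The location list, the name heuristic and its thresholds are assumptions made for this example, not FRST rules.

```python
"""Triage helper for FRST-style file listings (added example, not FRST code).

Assumed line layout, taken from the posted log:
    <date1> - <date2> - <size> <attrs> [(<company>)] <path>
FRST prints the section's sort date first (creation time in the "Created
Files" section, modification time in the "Modified Files" section).
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+?)\s*$"
)

# User-writable locations where droppers commonly land (a choice made for
# this example, not an FRST rule). Windows paths are case-insensitive.
DATA_DIR_RE = re.compile(
    r"^[A-Z]:\\(?:Users\\[^\\]+\\AppData\\(?:Local|Roaming)|ProgramData)\\",
    re.IGNORECASE,
)


@dataclass
class Entry:
    date1: str
    date2: str
    size: int
    attrs: str            # 5 chars; D = directory, H = hidden, R = read-only
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent_name(self) -> str:
        parts = self.path.split("\\")
        return parts[-2] if len(parts) >= 2 else ""


def parse(text: str) -> List[Entry]:
    """One Entry per line in the FRST layout; headers and blanks are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Entry(m["d1"], m["d2"], int(m["size"]),
                             m["attrs"], m["company"], m["path"]))
    return out


def looks_random(name: str) -> bool:
    """Heuristic for generated names: a long mixed-case token with a digit
    inside it or at least four case flips. Trailing digits are dropped first
    so version-style names such as Office14 do not trigger."""
    stem = name.rsplit(".", 1)[0] if "." in name else name
    stem = stem.rstrip("0123456789")
    if len(stem) < 8:
        return False
    upper = any(c.isupper() for c in stem)
    lower = any(c.islower() for c in stem)
    digit = any(c.isdigit() for c in stem)
    flips = sum(1 for a, b in zip(stem, stem[1:])
                if a.isalpha() and b.isalpha() and a.isupper() != b.isupper())
    return upper and lower and (digit or flips >= 4)


def flag_random_names(entries: List[Entry]) -> List[str]:
    """Paths under AppData/ProgramData with no company string whose own name
    or parent folder looks generated. Directories are included on purpose."""
    return [e.path for e in entries
            if e.company is None and DATA_DIR_RE.match(e.path)
            and (looks_random(e.name) or looks_random(e.parent_name))]


def flag_size_time_clusters(entries: List[Entry], min_dirs: int = 2) -> List[List[str]]:
    """Groups of non-empty files with identical timestamps and size that live
    in at least `min_dirs` different folders: one payload dropped several times."""
    groups = defaultdict(list)
    for e in entries:
        if not e.is_dir and e.size > 0:
            groups[(e.date1, e.date2, e.size)].append(e.path)
    return [sorted(paths) for key, paths in sorted(groups.items())
            if len({p.rsplit("\\", 1)[0] for p in paths}) >= min_dirs]


# Sample input: lines copied from the posted log, benign ones included so the
# filters have something to skip.
SAMPLE = r"""
2013-07-12 03:49 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-06 17:01 - 2013-08-06 16:51 - 00000000 ____D C:\Users\Marjan\AppData\Local\7zh41ioRd
2013-08-06 16:51 - 2013-08-06 16:51 - 00267776 _____ C:\Users\Marjan\AppData\Roaming\Bsz1oXVEMxW
2013-08-06 16:51 - 2013-08-06 16:51 - 00267776 _____ C:\Users\Marjan\AppData\Local\xUtgombQJ
2013-08-06 16:51 - 2013-08-06 16:51 - 00267776 _____ C:\ProgramData\oC4C9VxNeom
2013-07-19 00:29 - 2013-07-19 00:29 - 00000000 ____D C:\Users\Marjan\AppData\Local\IsolatedStorage
2013-07-19 00:27 - 2011-12-27 14:14 - 00110288 _____ C:\Users\Marjan\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-15 07:26 - 2012-08-31 01:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
"""

if __name__ == "__main__":
    entries = parse(SAMPLE)
    print("random-looking names in user-writable locations:")
    for p in flag_random_names(entries):
        print("  ", p)
    print("same size and timestamps in different folders:")
    for group in flag_size_time_clusters(entries):
        print("  ", " | ".join(group))
```

The name heuristic is deliberately conservative (IsolatedStorage, with three case flips, stays clean) and will still misfire on some CamelCase product folders, so treat its output as a list to look at, not a list to delete; the cluster rule has far fewer false positives and is the one worth keeping when the listing is large.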