
Infected computer - running extremely slow!

Discussion in 'Virus & Other Malware Removal' started by homer77, Oct 28, 2013.

homer77 (Thread Starter)
My computer boots up fine and Windows XP seems to load normally but then a random program launches on its own...sometimes it's Firefox, another time it was Aimersoft Video Converter and then just freezes up for a long time. I am eventually able to carry out another task but each task takes a long time. I did not even try to connect to the internet because everything is so slow. I used another laptop to download the required files and transferred them to the infected laptop and ran the logs...this took forever also. I have posted them here below.

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:31 PM, on 10/28/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21357)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Aimersoft\Video Converter Ultimate\AiVCUSplash.exe
C:\Program Files\Aimersoft\Video Converter Ultimate\VideoConverterUltimate.exe
C:\PROGRA~1\COMMON~1\AIMERS~1\AIMERS~1\ASHelper.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Documents and Settings\All others\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: WsSVRIEHelper - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://v.risradiology.com
O16 - DPF: MIW Deployment - https://www.mycommunitypatients.com/downloads/MIWDeploy.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251315382204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1369704505676
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com/soft/vjocx-ch-spvod.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BF50B70-8ABF-48EA-8E72-ED97E2543967}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{B20CF4CC-D33C-4CFE-8468-570155DE7E1D}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACS Client Updater - Agfa Healthcare Inc. - C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9849 bytes

DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21357 BrowserJavaVersion: 1.6.0_31
Run by All others at 22:27:34 on 2013-10-28
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\AIMERS~1\AIMERS~1\ASHelper.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Aimersoft Video Converter Ultimate: {54F73992-6549-4369-9A0D-84FD310A464A} - c:\program files\aimersoft\video converter ultimate\SVRIEPlugin.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} -
uRun: [Google Update] "c:\documents and settings\all others\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: MIW Deployment - hxxps://www.mycommunitypatients.com/downloads/MIWDeploy.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251315382204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369704505676
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.spvod.com/soft/vjocx-ch-spvod.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B20CF4CC-D33C-4CFE-8468-570155DE7E1D} : NameServer = 8.26.56.26,156.154.70.22
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\all others\application data\mozilla\firefox\profiles\fs4ut0ip.default-1370650309639\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - plugin: c:\documents and settings\all others\application data\mozilla\firefox\profiles\fs4ut0ip.default-1370650309639\extensions\[email protected]\plugins\NP_2020Player_WEB.dll
FF - plugin: c:\documents and settings\all others\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\all others\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\all others\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\all others\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? hitmanpro35;Hitman Pro 3.5 Support Driver
R? LMIRfsClientNP;LMIRfsClientNP
R? SIUSBXP;SIUSBXP
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? cmdAgent;COMODO Internet Security Helper Service
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? LBeepKE;LBeepKE
S? LMIGuardianSvc;LMIGuardianSvc
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? NEOFLTR_650_15255;Juniper Networks TDI Filter Driver (NEOFLTR_650_15255)
S? PACS Client Updater;PACS Client Updater
S? RapportCerberus_56758;RapportCerberus_56758
S? RapportCerberus_59849;RapportCerberus_59849
S? RapportEI;RapportEI
S? RapportKELL;RapportKELL
S? RapportMgmtService;Rapport Management Service
S? RapportPG;RapportPG
S? Seagate Dashboard Services;Seagate Dashboard Services
.
=============== Created Last 30 ================
.
2013-10-17 19:04:56 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-10-09 17:31:28 -------- d-----w- c:\documents and settings\all others\local settings\application data\Citrix
2013-10-09 01:34:43 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-09 01:28:30 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-09 01:28:29 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-09 01:26:12 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-09 01:26:12 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-09 01:26:11 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-03 02:04:38 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-03 00:31:05 -------- d-----w- C:\Impax
2013-10-03 00:27:42 -------- d-----w- C:\Users
2013-10-03 00:26:53 -------- d-----w- c:\documents and settings\all users\Impax
.
==================== Find3M ====================
.
2013-10-09 01:28:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 01:28:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 17:35:28 841216 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 17:35:27 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-09-23 17:35:27 3626496 ----a-w- c:\windows\system32\SET128.tmp
2013-09-23 17:35:27 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 17:35:27 17408 ----a-w- c:\windows\system32\corpol.dll
2013-09-04 13:47:50 991232 ----a-w- c:\windows\system32\ieframe.dll.mui
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 18:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 22:38:57.84 ===============

ATTACH.txt log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/26/2009 2:38:51 PM
System Uptime: 10/28/2013 8:46:26 PM (2 hours ago)
.
Motherboard: Dell Computer Corporation | |
Processor: Intel(R) Pentium(R) M processor 1400MHz | Microprocessor | 1398/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 8.675 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.05) Adobe Shockwave Player 12.0 AGFA IMPAX Client 6.5.1.1008 Aimersoft Video Converter Ultimate(Build 5.5.1.0) Apple Application Support Apple Mobile Device Support Apple Software Update Avira AntiVir Personal - Free Antivirus BCM V.92 56K Modem Bonjour Broadcom 440x 10/100 Integrated Controller Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MP Navigator EX 4.1 Canon MX880 series MP Drivers Canon MX880 series User Registration Canon My Printer Canon Solution Menu EX Canon Speed Dial Utility CDDRV_Installer COMODO Internet Security Coupon Printer for Windows Dell ResourceCD Dell Wireless WLAN Utility doPDF 7.2 printer Dropbox DVD Flick 1.3.0.7 erLT ffdshow [rev 2202] [2008-10-10] FileZilla Client 3.5.3 Fitbit Base Station (Driver Removal) Free DVD Creator version 2.0 Google Chrome Google Drive Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) ImgBurn iTunes Java Auto Updater Java(TM) 6 Update 31 Juniper Networks Network Connect 6.5.0 Juniper Networks Secure Application Manager Juniper Networks Setup Client Juniper Networks Setup Client Activex 
Control K-Lite Codec Pack 5.4.4 (Basic) KhalInstallWrapper Logitech SetPoint LogMeIn Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Standard 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ Run Time Lib Setup Mozilla Firefox 24.0 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers OGA Notifier 2.0.0048.0 OpalRAD Image Viewer (remove only) PDF Split And Merge Basic Picasa 3 QuickTime Rapport Seagate Dashboard 2.0 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for 
Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for 
Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2586448) Security Update for Windows Internet Explorer 7 (KB2675157) Security Update for Windows Internet Explorer 7 (KB2699988) Security Update for Windows Internet Explorer 7 (KB2722913) Security Update for Windows Internet Explorer 7 (KB2744842) Security Update for Windows Internet Explorer 7 (KB2761465) Security Update for Windows Internet Explorer 7 (KB2792100) Security Update for Windows Internet Explorer 7 (KB2797052) Security Update for Windows Internet Explorer 7 (KB2799329) Security Update for Windows Internet Explorer 7 (KB2809289) Security Update for Windows Internet Explorer 7 (KB2817183) Security Update for Windows Internet Explorer 7 (KB2829530) Security Update for Windows Internet Explorer 7 (KB2838727) Security Update for Windows Internet Explorer 7 (KB2846071) Security Update 
Sonic Update Manager
swMSM
Trusteer Endpoint Protection
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 2.0.4
Vuze
Vz In Home Agent
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== End Of File ===========================

ark.txt log
GMER 2.1.19163 - http://www.gmer.net
Rootkit quick scan 2013-10-28 22:48:47
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD0A 55.89GB
Running: jdvrg7fq.exe; Driver: C:\DOCUME~1\ALLOTH~1\LOCALS~1\Temp\fwtdypob.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 117194178 !
Disk \Device\Harddisk0\DR0 PE file @ sector 117194200 !

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xB854582A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xB8545A80]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_650_15255.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_15255.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_650_15255.SYS
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_650_15255.SYS

---- EOF - GMER 2.1 ----

Thank you for your help....
     
  2. homer77

    homer77 Thread Starter

    Joined:
    Oct 28, 2013
    Messages:
    19
    My computer boots up fine and Windows XP seems to load normally, but then a random program launches on its own...sometimes it's Firefox, another time it was Aimersoft Video Converter, and then just freezes up for a long time. I am eventually able to carry out another task, but each task takes a long time. I did not even try to connect to the internet because everything is so slow. I used another laptop to download the required files and transferred them to the infected laptop and ran the logs...this took forever also. I have posted them here below.

    HijackThis Log
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:51:31 PM, on 10/28/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.21357)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
    C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    C:\Program Files\Aimersoft\Video Converter Ultimate\AiVCUSplash.exe
    C:\Program Files\Aimersoft\Video Converter Ultimate\VideoConverterUltimate.exe
    C:\PROGRA~1\COMMON~1\AIMERS~1\AIMERS~1\ASHelper.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Documents and Settings\All others\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: WsSVRIEHelper - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://v.risradiology.com
    O16 - DPF: MIW Deployment - https://www.mycommunitypatients.com/downloads/MIWDeploy.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251315382204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1369704505676
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com/soft/vjocx-ch-spvod.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6BF50B70-8ABF-48EA-8E72-ED97E2543967}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B20CF4CC-D33C-4CFE-8468-570155DE7E1D}: NameServer = 8.26.56.26,156.154.70.22
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACS Client Updater - Agfa Healthcare Inc. - C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 9849 bytes

    DDS
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.21357 BrowserJavaVersion: 1.6.0_31
    Run by All others at 22:27:34 on 2013-10-28
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
    C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\COMMON~1\AIMERS~1\AIMERS~1\ASHelper.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: Aimersoft Video Converter Ultimate: {54F73992-6549-4369-9A0D-84FD310A464A} - c:\program files\aimersoft\video converter ultimate\SVRIEPlugin.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
    BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [Google Update] "c:\documents and settings\all others\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: MIW Deployment - hxxps://www.mycommunitypatients.com/downloads/MIWDeploy.cab
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251315382204
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369704505676
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.spvod.com/soft/vjocx-ch-spvod.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B20CF4CC-D33C-4CFE-8468-570155DE7E1D} : NameServer = 8.26.56.26,156.154.70.22
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    Notify: LMIinit - LMIinit.dll
    AppInit_DLLs= c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\all others\application data\mozilla\firefox\profiles\fs4ut0ip.default-1370650309639\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=fp-comodo
    FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
    FF - plugin: c:\documents and settings\all others\application data\mozilla\firefox\profiles\fs4ut0ip.default-1370650309639\extensions\[email protected]\plugins\NP_2020Player_WEB.dll
    FF - plugin: c:\documents and settings\all others\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\all others\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\all others\application data\mozilla\plugins\npo1d.dll
    FF - plugin: c:\documents and settings\all others\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? hitmanpro35;Hitman Pro 3.5 Support Driver
    R? LMIRfsClientNP;LMIRfsClientNP
    R? SIUSBXP;SIUSBXP
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? AntiVirSchedulerService;Avira AntiVir Scheduler
    S? AntiVirService;Avira AntiVir Guard
    S? avgio;avgio
    S? avgntflt;avgntflt
    S? cmdAgent;COMODO Internet Security Helper Service
    S? cmdGuard;COMODO Internet Security Sandbox Driver
    S? cmdHlp;COMODO Internet Security Helper Driver
    S? LBeepKE;LBeepKE
    S? LMIGuardianSvc;LMIGuardianSvc
    S? LMIInfo;LogMeIn Kernel Information Provider
    S? LMIRfsDriver;LogMeIn Remote File System Driver
    S? NEOFLTR_650_15255;Juniper Networks TDI Filter Driver (NEOFLTR_650_15255)
    S? PACS Client Updater;PACS Client Updater
    S? RapportCerberus_56758;RapportCerberus_56758
    S? RapportCerberus_59849;RapportCerberus_59849
    S? RapportEI;RapportEI
    S? RapportKELL;RapportKELL
    S? RapportMgmtService;Rapport Management Service
    S? RapportPG;RapportPG
    S? Seagate Dashboard Services;Seagate Dashboard Services
    .
    =============== Created Last 30 ================
    .
    2013-10-17 19:04:56 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2013-10-09 17:31:28 -------- d-----w- c:\documents and settings\all others\local settings\application data\Citrix
    2013-10-09 01:34:43 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
    2013-10-09 01:28:30 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
    2013-10-09 01:28:29 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
    2013-10-09 01:26:12 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
    2013-10-09 01:26:12 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
    2013-10-09 01:26:11 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
    2013-10-03 02:04:38 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-10-03 00:31:05 -------- d-----w- C:\Impax
    2013-10-03 00:27:42 -------- d-----w- C:\Users
    2013-10-03 00:26:53 -------- d-----w- c:\documents and settings\all users\Impax
    .
    ==================== Find3M ====================
    .
    2013-10-09 01:28:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-10-09 01:28:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-09-23 17:35:28 841216 ----a-w- c:\windows\system32\wininet.dll
    2013-09-23 17:35:27 78336 ----a-w- c:\windows\system32\ieencode.dll
    2013-09-23 17:35:27 3626496 ----a-w- c:\windows\system32\SET128.tmp
    2013-09-23 17:35:27 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2013-09-23 17:35:27 17408 ----a-w- c:\windows\system32\corpol.dll
    2013-09-04 13:47:50 991232 ----a-w- c:\windows\system32\ieframe.dll.mui
    2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
    2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
    2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
    2013-08-03 18:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
    .
    ============= FINISH: 22:38:57.84 ===============

    ATTACH
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/26/2009 2:38:51 PM
    System Uptime: 10/28/2013 8:46:26 PM (2 hours ago)
    .
    Motherboard: Dell Computer Corporation | |
    Processor: Intel(R) Pentium(R) M processor 1400MHz | Microprocessor | 1398/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 8.675 GiB free.
    D: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.05)
    Adobe Shockwave Player 12.0
    AGFA IMPAX Client 6.5.1.1008
    Aimersoft Video Converter Ultimate(Build 5.5.1.0)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    BCM V.92 56K Modem
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon IJ Network Scanner Selector EX
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 4.1
    Canon MX880 series MP Drivers
    Canon MX880 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    Canon Speed Dial Utility
    CDDRV_Installer
    COMODO Internet Security
    Coupon Printer for Windows
    Dell ResourceCD
    Dell Wireless WLAN Utility
    doPDF 7.2 printer
    Dropbox
    DVD Flick 1.3.0.7
    erLT
    ffdshow [rev 2202] [2008-10-10]
    FileZilla Client 3.5.3
    Fitbit Base Station (Driver Removal)
    Free DVD Creator version 2.0
    Google Chrome
    Google Drive
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImgBurn
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Juniper Networks Network Connect 6.5.0
    Juniper Networks Secure Application Manager
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    K-Lite Codec Pack 5.4.4 (Basic)
    KhalInstallWrapper
    Logitech SetPoint
    LogMeIn
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ Run Time Lib Setup
    Mozilla Firefox 24.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpalRAD Image Viewer (remove only)
    PDF Split And Merge Basic
    Picasa 3
    QuickTime
    Rapport
    Seagate Dashboard 2.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2675157)
    Security Update for Windows Internet Explorer 7 (KB2699988)
    Security Update for Windows Internet Explorer 7 (KB2722913)
    Security Update for Windows Internet Explorer 7 (KB2744842)
    Security Update for Windows Internet Explorer 7 (KB2761465)
    Security Update for Windows Internet Explorer 7 (KB2792100)
    Security Update for Windows Internet Explorer 7 (KB2797052)
    Security Update for Windows Internet Explorer 7 (KB2799329)
    Security Update for Windows Internet Explorer 7 (KB2809289)
    Security Update for Windows Internet Explorer 7 (KB2817183)
    Security Update for Windows Internet Explorer 7 (KB2829530)
    Security Update for Windows Internet Explorer 7 (KB2838727)
    Security Update for Windows Internet Explorer 7 (KB2846071)
    Security Update for Windows Internet Explorer 7 (KB2862772)
    Security Update for Windows Internet Explorer 7 (KB2870699)
    Security Update for Windows Internet Explorer 7 (KB2879017)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SigmaTel AC97 Audio Drivers
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    swMSM
    Trusteer Endpoint Protection
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    Visual C++ Runtime for Dragon NaturallySpeaking
    VLC media player 2.0.4
    Vuze
    Vz In Home Agent
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    .
    ==== End Of File ===========================

    ARK
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/26/2009 2:38:51 PM
    System Uptime: 10/28/2013 8:46:26 PM (2 hours ago)
    .
    Motherboard: Dell Computer Corporation | |
    Processor: Intel(R) Pentium(R) M processor 1400MHz | Microprocessor | 1398/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 56 GiB total, 8.675 GiB free.
    D: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.05)
    Adobe Shockwave Player 12.0
    AGFA IMPAX Client 6.5.1.1008
    Aimersoft Video Converter Ultimate(Build 5.5.1.0)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    BCM V.92 56K Modem
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon IJ Network Scanner Selector EX
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 4.1
    Canon MX880 series MP Drivers
    Canon MX880 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    Canon Speed Dial Utility
    CDDRV_Installer
    COMODO Internet Security
    Coupon Printer for Windows
    Dell ResourceCD
    Dell Wireless WLAN Utility
    doPDF 7.2 printer
    Dropbox
    DVD Flick 1.3.0.7
    erLT
    ffdshow [rev 2202] [2008-10-10]
    FileZilla Client 3.5.3
    Fitbit Base Station (Driver Removal)
    Free DVD Creator version 2.0
    Google Chrome
    Google Drive
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImgBurn
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Juniper Networks Network Connect 6.5.0
    Juniper Networks Secure Application Manager
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    K-Lite Codec Pack 5.4.4 (Basic)
    KhalInstallWrapper
    Logitech SetPoint
    LogMeIn
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ Run Time Lib Setup
    Mozilla Firefox 24.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpalRAD Image Viewer (remove only)
    PDF Split And Merge Basic
    Picasa 3
    QuickTime
    Rapport
    Seagate Dashboard 2.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2675157)
    Security Update for Windows Internet Explorer 7 (KB2699988)
    Security Update for Windows Internet Explorer 7 (KB2722913)
    Security Update for Windows Internet Explorer 7 (KB2744842)
    Security Update for Windows Internet Explorer 7 (KB2761465)
    Security Update for Windows Internet Explorer 7 (KB2792100)
    Security Update for Windows Internet Explorer 7 (KB2797052)
    Security Update for Windows Internet Explorer 7 (KB2799329)
    Security Update for Windows Internet Explorer 7 (KB2809289)
    Security Update for Windows Internet Explorer 7 (KB2817183)
    Security Update for Windows Internet Explorer 7 (KB2829530)
    Security Update for Windows Internet Explorer 7 (KB2838727)
    Security Update for Windows Internet Explorer 7 (KB2846071)
    Security Update for Windows Internet Explorer 7 (KB2862772)
    Security Update for Windows Internet Explorer 7 (KB2870699)
    Security Update for Windows Internet Explorer 7 (KB2879017)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SigmaTel AC97 Audio Drivers
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    swMSM
    Trusteer Endpoint Protection
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB980182)
    Visual C++ Runtime for Dragon NaturallySpeaking
    VLC media player 2.0.4
    Vuze
    Vz In Home Agent
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    .
    ==== End Of File ===========================
     
  3. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,628
    Hi homer77,
    -----------------------------------------------
    We need to remove some troublesome programs, and your second antivirus.
    You should only have one antivirus.
    -----------------------------------------------
    Rapport has also been very troublesome to many users, and may also prevent fixing the machine. We will remove it.
    If you wish you may re-install it after we are through cleaning.
    -----------------------------------------------
    It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bearshare, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
    Criminals have "planted" thousands upon thousands of infections in the "free" shared torrent files.
    Virtually all of these recent infections will compromise your security, and some can turn your machine into a useless "doorstop".
    -----------------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
    Highlight each entry, as follows, one by one, if it exists, and choose Remove:

    COMODO Internet Security
    Coupon Printer for Windows
    ffdshow [rev 2202] [2008-10-10]
    Java(TM) 6 Update 31
    Rapport
    Trusteer Endpoint Protection
    Vuze

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ---------------------------------------------
    Run a Scan with OTL
    • For WinXP, double click on the OTL icon to run it.
    • Check the boxes labeled:
      • Scan All Users
      • LOP check
      • Purity check
      • Extra Registry > Use SafeList
    • Make sure all other windows are closed to let it run uninterrupted.
    • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
      When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
    When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL (the desktop).
    OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
    The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

    So we are looking for the contents of the two logs from OTL.
    Let me know how it goes.
    When you copy and paste, be sure to use Notepad with word wrap unchecked (Format > Word Wrap)

    askey127
     
  4. homer77

    homer77 Thread Starter

    Joined:
    Oct 28, 2013
    Messages:
    19
    Hello,

    I was able to delete all the programs, except that I saw no Rapport, and when I tried to delete Trusteer Endpoint it said that it might have already been uninstalled and asked me to remove it from the Control Panel, so I did that. Then when I tried to remove Vuze I got an error msg stating "no JVM found in your system Please define EXE4J_JAVA_HOME to point to an installed 32-bit JDK or JRE or download a JRE from www.java.com"

    So I am unable to remove Vuze from the Control Panel.

    Again I had to use the other laptop to download the OTL.exe file onto a USB drive and transfer it to the infected laptop, and I was able to run it successfully. I have posted the logs here:

    OTL logfile created on: 10/29/2013 8:32:29 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\All others\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.25 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 47.54% Memory free
    1.69 Gb Paging File | 1.13 Gb Available in Paging File | 66.65% Paging File free
    Paging file location(s): C:\pagefile.sys 600 1200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.84 Gb Total Space | 8.61 Gb Free Space | 15.42% Space Free | Partition Type: NTFS
    Drive F: | 1.94 Gb Total Space | 0.14 Gb Free Space | 7.19% Space Free | Partition Type: FAT

    Computer Name: VAIDYA | User Name: All others | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/29 20:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    PRC - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2013/10/17 15:04:30 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2013/06/07 20:45:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2013/05/30 11:23:18 | 000,122,984 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    PRC - [2013/05/30 11:19:36 | 000,016,000 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    PRC - [2012/03/27 09:37:18 | 000,036,864 | ---- | M] (Agfa Healthcare Inc.) -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
    PRC - [2011/07/17 12:52:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/04/21 01:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/04/21 01:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/21 01:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/07/27 05:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/02/12 19:01:00 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/28 21:03:06 | 001,127,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2013/10/09 20:58:41 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\303ee4c8a3e5ee6ee63bbb9dccb3ae1d\System.Xml.Linq.ni.dll
    MOD - [2013/10/09 20:56:31 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/09 20:49:44 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
    MOD - [2013/10/09 14:35:28 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d5b949ce49c52b48c6012d4100e9f272\System.ServiceModel.Routing.ni.dll
    MOD - [2013/10/09 14:35:26 | 001,142,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0991480e062731a80dfb4da63488f901\System.ServiceModel.Discovery.ni.dll
    MOD - [2013/10/09 14:35:23 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\499106911ed2b69e2d659e7bdb800ef6\System.ServiceModel.Channels.ni.dll
    MOD - [2013/10/09 14:35:21 | 001,393,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0d621aadc7266eb56c60b58db0c47635\System.ServiceModel.Activities.ni.dll
    MOD - [2013/10/09 14:35:15 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fcda1de189b146359ef01bc4a6ded4a\System.ServiceModel.ni.dll
    MOD - [2013/10/09 14:34:26 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\226bf686752309b3a23a816fa9ee3c09\System.IdentityModel.ni.dll
    MOD - [2013/10/09 14:31:02 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9c1d0ae97ff2771c17212cd15d8c9831\System.Runtime.DurableInstancing.ni.dll
    MOD - [2013/10/09 14:30:56 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b5faab90a38802d89ccf6f9ac4bff440\System.Runtime.Serialization.ni.dll
    MOD - [2013/10/09 12:25:28 | 001,836,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\80a490b1cf884604ab8d3458b1fb762c\Microsoft.VisualBasic.ni.dll
    MOD - [2013/10/08 23:03:56 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
    MOD - [2013/10/08 23:03:04 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
    MOD - [2013/10/08 23:03:01 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
    MOD - [2013/10/08 23:02:45 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1934369c96e549961e8b10309e4d7123\PresentationFramework.ni.dll
    MOD - [2013/10/08 23:02:10 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\c82e4e18d91c1cbf11342da73c7845a6\PresentationCore.ni.dll
    MOD - [2013/10/08 23:01:48 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\e85c48d2567765f4153ee2af6c50dba3\WindowsBase.ni.dll
    MOD - [2013/08/16 08:31:27 | 001,886,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\729ef05a2df18630db7f0a28dd0ec155\System.Web.Services.ni.dll
    MOD - [2013/08/16 08:31:18 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
    MOD - [2013/08/16 08:30:17 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
    MOD - [2013/08/16 08:26:52 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/16 08:26:46 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
    MOD - [2013/08/16 08:26:41 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
    MOD - [2013/08/16 08:26:34 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
    MOD - [2013/08/16 08:24:24 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
    MOD - [2013/08/15 23:10:10 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/15 23:07:24 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
    MOD - [2013/08/15 23:06:38 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
    MOD - [2013/08/15 23:04:55 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
    MOD - [2013/08/15 22:59:52 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/08/06 01:39:21 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
    MOD - [2013/07/14 09:40:17 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2010/07/27 05:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    MOD - [2010/06/17 09:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2013/10/08 21:28:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/04 10:53:24 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/06/07 20:46:05 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2013/06/07 20:45:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2013/05/30 11:19:36 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
    SRV - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2012/03/27 09:37:18 | 000,036,864 | ---- | M] (Agfa Healthcare Inc.) [Auto | Running] -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe -- (PACS Client Updater)
    SRV - [2011/07/17 12:52:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/04/21 01:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/07/27 05:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2009/09/24 04:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
    SRV - [2009/07/20 07:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLOTH~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2013/10/28 21:02:38 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
    DRV - [2013/10/17 15:04:58 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2013/10/17 15:04:56 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2013/06/07 20:45:35 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2013/05/30 17:37:38 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2012/04/02 14:47:26 | 000,021,992 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP)
    DRV - [2012/04/02 12:17:40 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2011/07/17 12:52:09 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/07/17 12:52:09 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 09:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 09:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/04/21 10:05:44 | 000,015,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2010/02/18 20:24:58 | 000,085,360 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_15255.SYS -- (NEOFLTR_650_15255)
    DRV - [2010/02/18 20:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2009/08/26 15:26:30 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
    DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2004/02/20 10:13:58 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
    DRV - [2004/02/20 10:13:56 | 000,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2004/01/19 11:28:48 | 000,256,688 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
    DRV - [2003/08/28 23:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2003/05/15 12:09:32 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2002/11/18 11:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes,DefaultScope = {D45B4C68-BDA1-4BD2-9ED4-38071862B273}
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=SPC&o=15000&src=crm&q={searchTerms}&locale=en_DE
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes\{82FE1E3D-180D-4251-B18D-8870048DA9E5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes\{D45B4C68-BDA1-4BD2-9ED4-38071862B273}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
    FF - prefs.js..extensions.enabledAddons: %7BCF13FA66-1F4F-426d-BB1B-E07A13BFF2C8%7D:5.0.0
    FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:1.0
    FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.94.0
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..keyword.URL: "http://us.search.yahoo.com/search?fr=ytff-comodo&p="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/07/12 13:53:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/04 10:52:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/04 10:52:41 | 000,000,000 | ---D | M]

    [2009/12/23 16:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Extensions
    [2013/10/25 12:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions
    [2013/08/21 10:11:19 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\[email protected]
    [2013/08/20 08:43:06 | 000,003,443 | ---- | M] () (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\[email protected]
    [2013/10/25 12:41:48 | 000,534,765 | ---- | M] () (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013/10/29 19:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/10/04 10:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/10/04 10:53:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/07/12 13:53:36 | 000,000,000 | ---D | M] (Aimersoft Video Converter Ultimate) -- C:\PROGRAM FILES\AIMERSOFT\VIDEO CONVERTER ULTIMATE\SVRFIREFOXEXT
    [2012/12/21 23:12:42 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/04/14 11:15:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4GGLL_enDE342DE346
    CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
    CHR - plugin: 20-20 3D Viewer for WEB (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc\5.0.110.94_0\NP_2020Player_WEB.dll
    CHR - plugin: Aimersoft Video Convert Chrome Plugin (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_0\npSVRChromePlugin.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npo1d.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Docs = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Cast = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\13.1008.0.1_0\
    CHR - Extension: Google Search = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: 20-20 3D Viewer for Virtual Studio = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc\5.0.110.94_0\
    CHR - Extension: Aimersoft Video Converter Ultimate = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_0\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Gmail = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/10/02 23:08:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..Trusted Domains: risradiology.com ([v] http in Trusted sites)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251315382204 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1369704505676 (MUWebControl Class)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.spvod.com/soft/vjocx-ch-spvod.cab (VodClient Control Class)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: MIW Deployment https://www.mycommunitypatients.com/downloads/MIWDeploy.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B20CF4CC-D33C-4CFE-8468-570155DE7E1D}: NameServer = 8.26.56.26,156.154.70.22
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/26 14:31:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/29 20:30:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    [2013/10/29 19:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2013/10/28 21:48:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\All others\Desktop\dds.scr
    [2013/10/28 21:44:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All others\Desktop\HijackThis.exe
    [2013/10/17 15:04:56 | 000,108,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2013/10/10 19:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All others\Desktop\Baby
    [2013/10/09 13:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All others\Local Settings\Application Data\Citrix
    [2013/10/08 21:34:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
    [2013/10/08 21:28:30 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
    [2013/10/08 21:28:29 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
    [2013/10/08 21:26:12 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
    [2013/10/08 21:26:12 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
    [2013/10/08 21:26:11 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
    [2013/10/04 10:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/10/02 22:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2013/10/02 22:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/10/02 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2013/10/02 20:31:05 | 000,000,000 | ---D | C] -- C:\Impax
    [2013/10/02 20:27:42 | 000,000,000 | ---D | C] -- C:\Users
    [2013/10/02 20:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Impax
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/10/29 20:37:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-1343024091-1004UA.job
    [2013/10/29 20:28:28 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2013/10/29 20:28:13 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2013/10/29 20:28:12 | 000,043,348 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2013/10/29 20:27:22 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/10/29 20:25:25 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/10/29 20:23:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/10/29 20:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    [2013/10/29 19:42:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/10/28 21:14:58 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\jdvrg7fq.exe
    [2013/10/28 21:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\All others\Desktop\dds.scr
    [2013/10/28 21:13:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All others\Desktop\HijackThis.exe
    [2013/10/28 11:57:12 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-1343024091-1004Core.job
    [2013/10/28 11:57:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/10/19 16:52:27 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2013/10/16 14:16:57 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\Shortcut to CD Drive.lnk
    [2013/10/16 14:15:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\My Computer.lnk
    [2013/10/15 23:21:45 | 000,000,596 | ---- | M] () -- C:\WINDOWS\tasks\All others1.job
    [2013/10/15 23:21:43 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\All others DBAgent 2 0.job
    [2013/10/15 23:10:27 | 000,000,594 | ---- | M] () -- C:\WINDOWS\tasks\All others.job
    [2013/10/15 20:04:03 | 000,000,606 | ---- | M] () -- C:\WINDOWS\tasks\All others Merge.job
    [2013/10/14 20:36:55 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\All others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/10/10 19:51:07 | 003,642,877 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\Neel Vaidya.pdf
    [2013/10/10 13:44:36 | 000,152,280 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\MTQwYTI5N2YzMmJkYmI3OHwwLjI= - Mobile_Baby_Registration.pdf
    [2013/10/10 13:43:36 | 000,194,209 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Dear Patient, - medRecords.pdf
    [2013/10/10 13:41:21 | 000,103,197 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - Health_History_Rev_May_2011.pdf
    [2013/10/10 13:40:42 | 000,268,727 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\INFORMED CONSENT FOR ULTRASOUND - ultraConsent.pdf
    [2013/10/10 13:40:26 | 000,269,039 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\paymentPolicy - paymentPolicy.pdf
    [2013/10/10 13:40:00 | 000,172,638 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - regform.pdf
    [2013/10/09 20:42:47 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/10/09 18:21:42 | 000,607,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/10/09 18:21:42 | 000,109,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/10/09 18:12:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/10/09 14:22:42 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/10/08 22:23:22 | 000,379,339 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\clip.jpg
    [2013/10/08 21:28:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/10/08 21:28:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/10/02 22:07:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/10/28 21:48:42 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\jdvrg7fq.exe
    [2013/10/16 14:16:57 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\Shortcut to CD Drive.lnk
    [2013/10/16 14:15:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\My Computer.lnk
    [2013/10/14 22:27:09 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\All others DBAgent 2 0.job
    [2013/10/10 19:51:05 | 003,642,877 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\Neel Vaidya.pdf
    [2013/10/10 13:44:29 | 000,152,280 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\MTQwYTI5N2YzMmJkYmI3OHwwLjI= - Mobile_Baby_Registration.pdf
    [2013/10/10 13:43:01 | 000,194,209 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Dear Patient, - medRecords.pdf
    [2013/10/10 13:41:18 | 000,103,197 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - Health_History_Rev_May_2011.pdf
    [2013/10/10 13:40:39 | 000,268,727 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\INFORMED CONSENT FOR ULTRASOUND - ultraConsent.pdf
    [2013/10/10 13:40:20 | 000,269,039 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\paymentPolicy - paymentPolicy.pdf
    [2013/10/10 13:39:55 | 000,172,638 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - regform.pdf
    [2013/10/02 22:07:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2013/09/30 22:11:06 | 000,379,339 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\clip.jpg
    [2013/08/04 22:55:29 | 000,155,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-790525478-1383384898-1343024091-1004-0.dat
    [2013/08/04 22:55:17 | 000,155,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/07/12 13:53:31 | 000,721,917 | ---- | C] () -- C:\WINDOWS\System32\AiCM64.dll
    [2013/07/12 13:53:31 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\AiCM32.dll
    [2012/08/19 15:03:55 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All others\Local Settings\Application Data\fusioncache.dat
    [2012/06/02 14:07:03 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\All others\Application Data\SAS7_000.DAT
    [2012/04/11 11:10:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/13 15:27:36 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2010/09/12 08:32:30 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\All others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2012/05/28 16:14:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2010/09/09 10:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/08/07 17:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Aimersoft Video Converter Ultimate
    [2013/02/16 00:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Azureus
    [2011/09/18 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Canon
    [2011/09/14 22:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Canon Easy-WebPrint EX
    [2012/12/21 23:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Catalina Marketing Corp
    [2013/10/14 19:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Dropbox
    [2013/01/30 22:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\ElevatedDiagnostics
    [2012/06/06 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\FileZilla
    [2013/01/30 21:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Freecorder 7 Video
    [2010/09/17 17:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\ImgBurn
    [2009/11/28 05:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\InfraRecorder
    [2012/08/19 14:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Juniper Networks
    [2009/11/28 05:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Leadertech
    [2010/09/12 08:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Leawo
    [2009/12/11 12:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Lexmark Productivity Studio
    [2010/03/06 08:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\mjusbsp
    [2013/02/04 12:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\MyPublisher
    [2012/05/28 15:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Nuance
    [2011/11/13 15:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\PrimoPDF
    [2013/08/04 11:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Seagate
    [2011/11/13 15:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Softland
    [2012/05/28 09:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\TeamViewer
    [2011/08/24 19:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\TechWizard
    [2010/09/17 16:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Uniblue
    [2013/07/12 13:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
    [2013/10/02 22:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/10/28 20:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aimersoft Video Converter Ultimate
    [2011/09/14 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
    [2011/09/14 22:29:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/09/14 22:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
    [2011/09/18 20:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
    [2011/09/18 20:27:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2011/09/14 22:48:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
    [2011/09/14 22:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
    [2011/09/14 22:46:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
    [2011/09/14 22:48:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
    [2013/10/01 22:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2011/09/18 20:30:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2011/09/14 22:48:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
    [2011/09/14 22:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
    [2012/09/20 08:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitbit
    [2010/04/18 14:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2012/08/08 21:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2013/08/07 09:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2012/05/28 15:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2013/08/04 11:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2012/06/06 17:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2013/08/13 14:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2013/07/12 10:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare AllMyTube
    [2013/07/11 18:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare Application Common Data
    [2013/07/12 13:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare Player
    [2013/10/15 22:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
    [2010/11/12 05:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/25 07:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/11/13 15:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
    [2012/05/06 09:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neel\Application Data\Softland

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24211BA

    < End of report >

    OTL Extras logfile created on: 10/29/2013 8:32:29 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\All others\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.25 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 47.54% Memory free
    1.69 Gb Paging File | 1.13 Gb Available in Paging File | 66.65% Paging File free
    Paging file location(s): C:\pagefile.sys 600 1200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.84 Gb Total Space | 8.61 Gb Free Space | 15.42% Space Free | Partition Type: NTFS
    Drive F: | 1.94 Gb Total Space | 0.14 Gb Free Space | 7.19% Space Free | Partition Type: FAT

    Computer Name: VAIDYA | User Name: All others | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1"
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Documents and Settings\All others\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\All others\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\All others\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\All others\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Documents and Settings\All others\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\All others\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
    "{43AC7CBC-1D6A-3B5B-81B1-A0C166FE48F4}" = Google Talk Plugin
    "{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
    "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB3D13E1-EC63-452D-8D61-47D46E07A328}" = AGFA IMPAX Client 6.5.1.1008
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
    "{EE4CA5AF-4A55-418C-8CB8-74435814207B}" = LogMeIn
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "Aimersoft Video Converter Ultimate_is1" = Aimersoft Video Converter Ultimate(Build 5.5.1.0)
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Utility
    "Canon MX880 series User Registration" = Canon MX880 series User Registration
    "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "doPDF 7 printer_is1" = doPDF 7.2 printer
    "DVD Flick_is1" = DVD Flick 1.3.0.7
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "FileZilla Client" = FileZilla Client 3.5.3
    "FITBIT&10C4&84C4" = Fitbit Base Station (Driver Removal)
    "Free DVD Creator (by minidvdsoft)_is1" = Free DVD Creator version 2.0
    "Google Chrome" = Google Chrome
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ImgBurn" = ImgBurn
    "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpalRAD Image Viewer" = OpalRAD Image Viewer (remove only)
    "Picasa 3" = Picasa 3
    "Speed Dial Utility" = Canon Speed Dial Utility
    "STANDARDR" = Microsoft Office Standard 2007
    "VLC media player" = VLC media player 2.0.4
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Juniper_Setup_Client" = Juniper Networks Setup Client

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/29/2013 7:13:14 PM | Computer Name = VAIDYA | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/29/2013 7:13:14 PM | Computer Name = VAIDYA | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/29/2013 7:47:28 PM | Computer Name = VAIDYA | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/29/2013 7:47:28 PM | Computer Name = VAIDYA | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/29/2013 7:47:36 PM | Computer Name = VAIDYA | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/29/2013 7:47:36 PM | Computer Name = VAIDYA | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/29/2013 8:23:26 PM | Computer Name = VAIDYA | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/29/2013 8:23:26 PM | Computer Name = VAIDYA | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/29/2013 8:26:43 PM | Computer Name = VAIDYA | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 10/29/2013 8:26:43 PM | Computer Name = VAIDYA | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ System Events ]
    Error - 10/29/2013 7:13:31 PM | Computer Name = VAIDYA | Source = Service Control Manager | ID = 7000
    Description = The VJVodClientServices service failed to start due to the following
    error: %%1053

    Error - 10/29/2013 7:15:32 PM | Computer Name = VAIDYA | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 10/29/2013 7:15:35 PM | Computer Name = VAIDYA | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Google Update Service
    (gupdate) service to connect.

    Error - 10/29/2013 7:15:35 PM | Computer Name = VAIDYA | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%1053

    Error - 10/29/2013 7:48:03 PM | Computer Name = VAIDYA | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the VJVodClientServices service
    to connect.

    Error - 10/29/2013 7:48:03 PM | Computer Name = VAIDYA | Source = Service Control Manager | ID = 7000
    Description = The VJVodClientServices service failed to start due to the following
    error: %%1053

    Error - 10/29/2013 7:51:06 PM | Computer Name = VAIDYA | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
    Service service to connect.

    Error - 10/29/2013 7:51:06 PM | Computer Name = VAIDYA | Source = Service Control Manager | ID = 7000
    Description = The Application Layer Gateway Service service failed to start due
    to the following error: %%1053

    Error - 10/29/2013 8:23:44 PM | Computer Name = VAIDYA | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the VJVodClientServices service
    to connect.

    Error - 10/29/2013 8:23:44 PM | Computer Name = VAIDYA | Source = Service Control Manager | ID = 7000
    Description = The VJVodClientServices service failed to start due to the following
    error: %%1053


    < End of report >
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,628
    Homer77,
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :processes
      killallprocesses
      
      :OTL
      SRV - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
      DRV - [2013/10/28 21:02:38 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32 _59849.sys -- (RapportCerberus_59849)
      DRV - [2013/10/17 15:04:58 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
      DRV - [2013/10/17 15:04:56 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
      DRV - [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
      IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
      IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=SPC&o=15000&src=crm&q={searchTerms}&locale=en_DE
      [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
      [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
      CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
      CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\Vuze\Azureus.exe" =-
      
      :Files
      C:\Program Files\Vuze
      C:\Documents and Settings\All others\Application Data\Azureus
      C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport
      C:\Program Files\Trusteer
      C:\WINDOWS\system32\drivers\RapportKELL.sys
      ipconfig /flushdns /c
      
      :Commands
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top. This could take a while.
    • Let the program run unhindered, and click to allow the reboot when it is done.
      When the computer reboots and you start your usual account, a Notepad text file will appear.
    • Copy the contents of that file and post it in your next reply.
      That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
    ----------------------------------------------
    After posting the resulting log, please rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, a new version of OTL.txt, in a separate reply.

    Let me know if it appears to be fast enough to use now, without requiring the second machine.
    askey127
     
  6. homer77

    homer77 Thread Starter

    Joined:
    Oct 28, 2013
    Messages:
    19
    Hello,

    FIX log file
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== PROCESSES ==========
    ========== OTL ==========
    Error: Unable to stop service RapportMgmtService!
    Unable to delete service\driver key RapportMgmtService.
    File move failed. C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe scheduled to be moved on reboot.
    Error: Unable to stop service RapportCerberus_59849!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportCerberus_59849 deleted successfully.
    File C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32 _59849.sys not found.
    Error: Unable to stop service RapportEI!
    Unable to delete service\driver key RapportEI.
    File move failed. C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys scheduled to be moved on reboot.
    Error: Unable to stop service RapportPG!
    Unable to delete service\driver key RapportPG.
    File move failed. C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys scheduled to be moved on reboot.
    Error: Unable to stop service RapportKELL!
    Unable to delete service\driver key RapportKELL.
    File move failed. C:\WINDOWS\system32\drivers\RapportKELL.sys scheduled to be moved on reboot.
    Registry value HKEY_USERS\S-1-5-21-790525478-1383384898-1343024091-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-790525478-1383384898-1343024091-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
    C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
    C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
    File C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll not found.
    File C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Vuze\Azureus.exe deleted successfully.
    ========== FILES ==========
    C:\Program Files\Vuze\plugins\azupnpav folder moved successfully.
    C:\Program Files\Vuze\plugins\azupdater folder moved successfully.
    C:\Program Files\Vuze\plugins\azrating folder moved successfully.
    C:\Program Files\Vuze\plugins\azplugins folder moved successfully.
    C:\Program Files\Vuze\plugins\azitunes folder moved successfully.
    C:\Program Files\Vuze\plugins folder moved successfully.
    C:\Program Files\Vuze\.install4j folder moved successfully.
    C:\Program Files\Vuze folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\updates folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\torrents folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\tmp folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\shares folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\rss folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\plugins\mlab folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\plugins\azupnpav folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\plugins\aefeatman_v folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\plugins folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\net folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\logs folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\dht folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus\active folder moved successfully.
    C:\Documents and Settings\All others\Application Data\Azureus folder moved successfully.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\channels scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\tmp scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores\quarantine scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores\global_store scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\55594 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\46125 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57772 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57404 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\56758 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\51755 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58770 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58118 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\meta scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\logs scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\install scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js\nikko scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\strings scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\bin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\drivers\RapportKELL.sys scheduled to be moved on reboot.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\All others\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\All others\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: Administrator

    User: All others
    ->Java cache emptied: 6220261 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: LogMeInRemoteUser

    User: Neel
    ->Java cache emptied: 37302769 bytes

    User: NetworkService

    Total Java Files Cleaned = 42.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All others
    ->Flash cache emptied: 243581 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 41620 bytes

    User: LocalService

    User: LogMeInRemoteUser
    ->Flash cache emptied: 41620 bytes

    User: Neel
    ->Flash cache emptied: 985 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Administrator

    User: All others
    ->Temp folder emptied: 3165117544 bytes
    ->Temporary Internet Files folder emptied: 340252910 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 18704128 bytes
    ->Google Chrome cache emptied: 270741751 bytes
    ->Apple Safari cache emptied: 184564736 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Neel
    ->Temp folder emptied: 432444 bytes
    ->Temporary Internet Files folder emptied: 261133 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 21607615 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 96320933 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1145933 bytes
    %systemroot%\System32 .tmp files removed: 14871057 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 394142425 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 356257968 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 41380 bytes
    RecycleBin emptied: 4098822684 bytes

    Total Files Cleaned = 8,548.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10302013_175247
    Files\Folders moved on Reboot...
    File move failed. C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe scheduled to be moved on reboot.
    File move failed. C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys scheduled to be moved on reboot.
    File move failed. C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys scheduled to be moved on reboot.
    File move failed. C:\WINDOWS\system32\drivers\RapportKELL.sys scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\channels scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\channels scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user scheduled to be moved on reboot.
    File\Folder C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\tmp not found!
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores\quarantine scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores\global_store scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores\quarantine scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores\global_store scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\55594 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\46125 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\55594 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\46125 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57772 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57404 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57772 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57404 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\56758 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\51755 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\56758 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\51755 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58770 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58118 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58770 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58118 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\55594 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\46125 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57772 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57404 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\56758 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\51755 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58770 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58118 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\channels scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores\quarantine scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores\global_store scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\55594 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\46125 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57772 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57404 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\56758 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\51755 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58770 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58118 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\meta scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\logs scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\install scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412946 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1412190 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\strings scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\logos scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\1410539 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000\processed scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf\00000 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\conf scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user\channels scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\user scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores\quarantine scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores\global_store scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\safe_stores scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\TanzanLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportVB scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\55594 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\46125 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57772 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP\57404 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportGP scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\56758 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\51755 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58770 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\58118 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\NikkoLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline\x64 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\baseline scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\59849 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\54737 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight\53813 scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\KoanLight scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\meta scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\logs scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\install scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js\nikko scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js\nikko scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\strings scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\strings scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\bin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js\nikko scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\strings scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\bin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js\nikko scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js\bu2 scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\js scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\strings scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\pt scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\nl scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\ja scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\fr scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\es scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\en scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang\de scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\lang scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\js scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\popup scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img\dashboard scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\img scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\images scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html\css scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data\html scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\data scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport\bin scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer\Rapport scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Trusteer scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_930.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  7. homer77

    OTL logfile created on: 10/30/2013 7:38:23 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\All others\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.25 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 53.30% Memory free
    1.69 Gb Paging File | 1.19 Gb Available in Paging File | 70.18% Paging File free
    Paging file location(s): C:\pagefile.sys 600 1200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.84 Gb Total Space | 17.03 Gb Free Space | 30.49% Space Free | Partition Type: NTFS
    Drive F: | 1.94 Gb Total Space | 0.14 Gb Free Space | 7.18% Space Free | Partition Type: FAT

    Computer Name: VAIDYA | User Name: All others | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/29 20:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    PRC - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2013/10/17 15:04:30 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2013/06/07 20:45:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2013/05/30 11:23:18 | 000,122,984 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    PRC - [2013/05/30 11:19:36 | 000,016,000 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    PRC - [2012/03/27 09:37:18 | 000,036,864 | ---- | M] (Agfa Healthcare Inc.) -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
    PRC - [2011/07/17 12:52:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/04/21 01:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/04/21 01:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/21 01:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/07/27 05:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/28 21:03:06 | 001,127,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2013/10/09 20:58:41 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\303ee4c8a3e5ee6ee63bbb9dccb3ae1d\System.Xml.Linq.ni.dll
    MOD - [2013/10/09 20:56:31 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/09 20:49:44 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
    MOD - [2013/10/09 14:35:28 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d5b949ce49c52b48c6012d4100e9f272\System.ServiceModel.Routing.ni.dll
    MOD - [2013/10/09 14:35:26 | 001,142,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0991480e062731a80dfb4da63488f901\System.ServiceModel.Discovery.ni.dll
    MOD - [2013/10/09 14:35:23 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\499106911ed2b69e2d659e7bdb800ef6\System.ServiceModel.Channels.ni.dll
    MOD - [2013/10/09 14:35:21 | 001,393,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0d621aadc7266eb56c60b58db0c47635\System.ServiceModel.Activities.ni.dll
    MOD - [2013/10/09 14:35:15 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fcda1de189b146359ef01bc4a6ded4a\System.ServiceModel.ni.dll
    MOD - [2013/10/09 14:34:26 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\226bf686752309b3a23a816fa9ee3c09\System.IdentityModel.ni.dll
    MOD - [2013/10/09 14:31:02 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9c1d0ae97ff2771c17212cd15d8c9831\System.Runtime.DurableInstancing.ni.dll
    MOD - [2013/10/09 14:30:56 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b5faab90a38802d89ccf6f9ac4bff440\System.Runtime.Serialization.ni.dll
    MOD - [2013/10/09 12:25:28 | 001,836,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\80a490b1cf884604ab8d3458b1fb762c\Microsoft.VisualBasic.ni.dll
    MOD - [2013/10/08 23:03:56 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
    MOD - [2013/10/08 23:03:04 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
    MOD - [2013/10/08 23:03:01 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
    MOD - [2013/10/08 23:02:45 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1934369c96e549961e8b10309e4d7123\PresentationFramework.ni.dll
    MOD - [2013/10/08 23:02:10 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\c82e4e18d91c1cbf11342da73c7845a6\PresentationCore.ni.dll
    MOD - [2013/10/08 23:01:48 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\e85c48d2567765f4153ee2af6c50dba3\WindowsBase.ni.dll
    MOD - [2013/08/16 08:31:27 | 001,886,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\729ef05a2df18630db7f0a28dd0ec155\System.Web.Services.ni.dll
    MOD - [2013/08/16 08:31:18 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
    MOD - [2013/08/16 08:30:17 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
    MOD - [2013/08/16 08:26:52 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/16 08:26:46 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
    MOD - [2013/08/16 08:26:41 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
    MOD - [2013/08/16 08:26:34 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
    MOD - [2013/08/16 08:24:24 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
    MOD - [2013/08/15 23:10:10 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/15 23:07:24 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
    MOD - [2013/08/15 23:06:38 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
    MOD - [2013/08/15 23:04:55 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
    MOD - [2013/08/15 22:59:52 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/08/06 01:39:21 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
    MOD - [2013/07/14 09:40:17 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2010/07/27 05:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    MOD - [2010/06/17 09:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2013/10/08 21:28:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/04 10:53:24 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/06/07 20:46:05 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2013/06/07 20:45:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2013/05/30 11:19:36 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
    SRV - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2012/03/27 09:37:18 | 000,036,864 | ---- | M] (Agfa Healthcare Inc.) [Auto | Running] -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe -- (PACS Client Updater)
    SRV - [2011/07/17 12:52:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/04/21 01:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/07/27 05:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2009/09/24 04:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
    SRV - [2009/07/20 07:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLOTH~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2013/10/28 21:02:38 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
    DRV - [2013/10/17 15:04:58 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2013/10/17 15:04:56 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2013/06/07 20:45:35 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2013/05/30 17:37:38 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2012/04/02 14:47:26 | 000,021,992 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP)
    DRV - [2012/04/02 12:17:40 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2011/07/17 12:52:09 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/07/17 12:52:09 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 09:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 09:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/04/21 10:05:44 | 000,015,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2010/02/18 20:24:58 | 000,085,360 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_15255.SYS -- (NEOFLTR_650_15255)
    DRV - [2010/02/18 20:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2009/08/26 15:26:30 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
    DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2004/02/20 10:13:58 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
    DRV - [2004/02/20 10:13:56 | 000,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2004/01/19 11:28:48 | 000,256,688 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
    DRV - [2003/08/28 23:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2003/05/15 12:09:32 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2002/11/18 11:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes,DefaultScope = {D45B4C68-BDA1-4BD2-9ED4-38071862B273}
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes\{82FE1E3D-180D-4251-B18D-8870048DA9E5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\SearchScopes\{D45B4C68-BDA1-4BD2-9ED4-38071862B273}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
    FF - prefs.js..extensions.enabledAddons: %7BCF13FA66-1F4F-426d-BB1B-E07A13BFF2C8%7D:5.0.0
    FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:1.0
    FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.94.0
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..keyword.URL: "http://us.search.yahoo.com/search?fr=ytff-comodo&p="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/07/12 13:53:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/04 10:52:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/30 17:58:20 | 000,000,000 | ---D | M]

    [2009/12/23 16:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Extensions
    [2013/10/25 12:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions
    [2013/08/21 10:11:19 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\[email protected]
    [2013/08/20 08:43:06 | 000,003,443 | ---- | M] () (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\[email protected]
    [2013/10/25 12:41:48 | 000,534,765 | ---- | M] () (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013/10/29 19:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/10/04 10:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/10/04 10:53:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/07/12 13:53:36 | 000,000,000 | ---D | M] (Aimersoft Video Converter Ultimate) -- C:\PROGRAM FILES\AIMERSOFT\VIDEO CONVERTER ULTIMATE\SVRFIREFOXEXT
    [2012/12/21 23:12:42 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2012/04/14 11:15:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4GGLL_enDE342DE346
    CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
    CHR - plugin: 20-20 3D Viewer for WEB (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc\5.0.110.94_0\NP_2020Player_WEB.dll
    CHR - plugin: Aimersoft Video Convert Chrome Plugin (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_0\npSVRChromePlugin.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npo1d.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Docs = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Cast = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\13.1008.0.1_0\
    CHR - Extension: Google Search = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: 20-20 3D Viewer for Virtual Studio = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc\5.0.110.94_0\
    CHR - Extension: Aimersoft Video Converter Ultimate = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_0\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Gmail = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/10/02 23:08:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..Trusted Domains: risradiology.com ([v] http in Trusted sites)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251315382204 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1369704505676 (MUWebControl Class)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.spvod.com/soft/vjocx-ch-spvod.cab (VodClient Control Class)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: MIW Deployment https://www.mycommunitypatients.com/downloads/MIWDeploy.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B20CF4CC-D33C-4CFE-8468-570155DE7E1D}: NameServer = 8.26.56.26,156.154.70.22
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/26 14:31:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/30 17:52:48 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/10/29 20:30:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    [2013/10/29 19:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2013/10/28 21:48:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\All others\Desktop\dds.scr
    [2013/10/28 21:44:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All others\Desktop\HijackThis.exe
    [2013/10/17 15:04:56 | 000,108,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2013/10/10 19:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All others\Desktop\Baby
    [2013/10/09 13:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All others\Local Settings\Application Data\Citrix
    [2013/10/04 10:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/10/02 22:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2013/10/02 22:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/10/02 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
    [2013/10/02 20:31:05 | 000,000,000 | ---D | C] -- C:\Impax
    [2013/10/02 20:27:42 | 000,000,000 | ---D | C] -- C:\Users
    [2013/10/02 20:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Impax

    ========== Files - Modified Within 30 Days ==========

    [2013/10/30 19:42:01 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/10/30 19:37:08 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-1343024091-1004UA.job
    [2013/10/30 19:30:25 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2013/10/30 19:29:50 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2013/10/30 19:29:48 | 000,043,348 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2013/10/30 19:27:59 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/10/30 19:27:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/10/30 18:59:25 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/10/30 17:37:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-1343024091-1004Core.job
    [2013/10/29 20:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    [2013/10/28 21:14:58 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\jdvrg7fq.exe
    [2013/10/28 21:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\All others\Desktop\dds.scr
    [2013/10/28 21:13:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All others\Desktop\HijackThis.exe
    [2013/10/28 11:57:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/10/19 16:52:27 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2013/10/16 14:16:57 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\Shortcut to CD Drive.lnk
    [2013/10/16 14:15:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\My Computer.lnk
    [2013/10/15 23:21:45 | 000,000,596 | ---- | M] () -- C:\WINDOWS\tasks\All others1.job
    [2013/10/15 23:21:43 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\All others DBAgent 2 0.job
    [2013/10/15 23:10:27 | 000,000,594 | ---- | M] () -- C:\WINDOWS\tasks\All others.job
    [2013/10/15 20:04:03 | 000,000,606 | ---- | M] () -- C:\WINDOWS\tasks\All others Merge.job
    [2013/10/14 20:36:55 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\All others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/10/10 19:51:07 | 003,642,877 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\Neel Vaidya.pdf
    [2013/10/10 13:44:36 | 000,152,280 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\MTQwYTI5N2YzMmJkYmI3OHwwLjI= - Mobile_Baby_Registration.pdf
    [2013/10/10 13:43:36 | 000,194,209 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Dear Patient, - medRecords.pdf
    [2013/10/10 13:41:21 | 000,103,197 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - Health_History_Rev_May_2011.pdf
    [2013/10/10 13:40:42 | 000,268,727 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\INFORMED CONSENT FOR ULTRASOUND - ultraConsent.pdf
    [2013/10/10 13:40:26 | 000,269,039 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\paymentPolicy - paymentPolicy.pdf
    [2013/10/10 13:40:00 | 000,172,638 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - regform.pdf
    [2013/10/09 20:42:47 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/10/09 18:21:42 | 000,607,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/10/09 18:21:42 | 000,109,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/10/09 18:12:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/10/09 14:22:42 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/10/08 22:23:22 | 000,379,339 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\clip.jpg
    [2013/10/02 22:07:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

    ========== Files Created - No Company Name ==========

    [2013/10/28 21:48:42 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\jdvrg7fq.exe
    [2013/10/16 14:16:57 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\Shortcut to CD Drive.lnk
    [2013/10/16 14:15:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\My Computer.lnk
    [2013/10/14 22:27:09 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\All others DBAgent 2 0.job
    [2013/10/10 19:51:05 | 003,642,877 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\Neel Vaidya.pdf
    [2013/10/10 13:44:29 | 000,152,280 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\MTQwYTI5N2YzMmJkYmI3OHwwLjI= - Mobile_Baby_Registration.pdf
    [2013/10/10 13:43:01 | 000,194,209 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Dear Patient, - medRecords.pdf
    [2013/10/10 13:41:18 | 000,103,197 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - Health_History_Rev_May_2011.pdf
    [2013/10/10 13:40:39 | 000,268,727 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\INFORMED CONSENT FOR ULTRASOUND - ultraConsent.pdf
    [2013/10/10 13:40:20 | 000,269,039 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\paymentPolicy - paymentPolicy.pdf
    [2013/10/10 13:39:55 | 000,172,638 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - regform.pdf
    [2013/10/02 22:07:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2013/09/30 22:11:06 | 000,379,339 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\clip.jpg
    [2013/08/04 22:55:29 | 000,155,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-790525478-1383384898-1343024091-1004-0.dat
    [2013/08/04 22:55:17 | 000,155,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/07/12 13:53:31 | 000,721,917 | ---- | C] () -- C:\WINDOWS\System32\AiCM64.dll
    [2013/07/12 13:53:31 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\AiCM32.dll
    [2012/08/19 15:03:55 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All others\Local Settings\Application Data\fusioncache.dat
    [2012/06/02 14:07:03 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\All others\Application Data\SAS7_000.DAT
    [2012/04/11 11:10:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/13 15:27:36 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2010/09/12 08:32:30 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\All others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2012/05/28 16:14:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2010/09/09 10:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/08/07 17:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Aimersoft Video Converter Ultimate
    [2011/09/18 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Canon
    [2011/09/14 22:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Canon Easy-WebPrint EX
    [2012/12/21 23:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Catalina Marketing Corp
    [2013/10/14 19:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Dropbox
    [2013/01/30 22:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\ElevatedDiagnostics
    [2012/06/06 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\FileZilla
    [2013/01/30 21:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Freecorder 7 Video
    [2010/09/17 17:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\ImgBurn
    [2009/11/28 05:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\InfraRecorder
    [2012/08/19 14:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Juniper Networks
    [2009/11/28 05:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Leadertech
    [2010/09/12 08:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Leawo
    [2009/12/11 12:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Lexmark Productivity Studio
    [2010/03/06 08:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\mjusbsp
    [2013/02/04 12:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\MyPublisher
    [2012/05/28 15:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Nuance
    [2011/11/13 15:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\PrimoPDF
    [2013/08/04 11:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Seagate
    [2011/11/13 15:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Softland
    [2012/05/28 09:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\TeamViewer
    [2011/08/24 19:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\TechWizard
    [2010/09/17 16:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Uniblue
    [2013/07/12 13:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
    [2013/10/02 22:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/10/28 20:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aimersoft Video Converter Ultimate
    [2011/09/14 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
    [2011/09/14 22:29:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/09/14 22:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
    [2011/09/18 20:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
    [2011/09/18 20:27:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2011/09/14 22:48:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
    [2011/09/14 22:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
    [2011/09/14 22:46:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
    [2011/09/14 22:48:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
    [2013/10/01 22:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2011/09/18 20:30:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2011/09/14 22:48:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
    [2011/09/14 22:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
    [2012/09/20 08:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitbit
    [2010/04/18 14:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2012/08/08 21:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2013/08/07 09:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2012/05/28 15:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2013/08/04 11:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2012/06/06 17:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2013/08/13 14:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2013/07/12 10:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare AllMyTube
    [2013/07/11 18:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare Application Common Data
    [2013/07/12 13:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare Player
    [2013/10/15 22:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
    [2010/11/12 05:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/25 07:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/11/13 15:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
    [2012/05/06 09:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Neel\Application Data\Softland

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24211BA
    < End of report >
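The file-entry and Alternate Data Stream lines in the OTL report above follow a fixed layout, so they can be triaged with a short script. The following Python is an added example, not part of the original post or of OTL; the rule it applies (an executable extension with an empty company field, ranked higher when it sits under the user profile) is an assumption of this example, and a hit is a lead to review, not a verdict.

```python
import ntpath
import re
from datetime import datetime

# Lines excerpted from the OTL report above, in the report's own format.
SAMPLE = r"""
[2013/10/28 21:48:42 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\jdvrg7fq.exe
[2013/10/29 20:30:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
[2013/07/12 13:53:31 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\AiCM32.dll
[2013/09/30 22:11:06 | 000,379,339 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\clip.jpg
[2013/10/02 20:27:42 | 000,000,000 | ---D | C] -- C:\Users
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# An optional three-letter tag (PRC, MOD) may precede the bracket. Directory
# lines carry no "(company)" field at all. SRV lines have extra fields and
# are intentionally not matched by this pattern.
ENTRY = re.compile(
    r"^(?:(?P<tag>[A-Z]{3}) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)

# "@Alternate Data Stream - N bytes -> <path>:<stream name>"
ADS = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
    r"(?P<path>.+):(?P<stream>[^:\\]+)$"
)

# Assumptions of this example, not OTL's own logic.
EXEC_EXT = {".exe", ".scr", ".dll", ".sys", ".com", ".bat"}
PROFILE_ROOT = "c:\\documents and settings\\"


def parse_entry(line):
    """Parse one OTL file/folder line into a dict, or return None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["is_dir"] = "D" in entry["attrs"]
    return entry


def parse_ads(line):
    """Parse one Alternate Data Stream line into a dict, or return None."""
    m = ADS.match(line.strip())
    if not m:
        return None
    return {"size": int(m["size"]), "path": m["path"], "stream": m["stream"]}


def triage(report):
    """Return (label, path) leads from the text of an OTL report."""
    findings = []
    for line in report.splitlines():
        ads = parse_ads(line)
        if ads:
            findings.append(
                ("alternate-data-stream", ads["path"] + ":" + ads["stream"])
            )
            continue
        entry = parse_entry(line)
        # Skip unparsed lines, directories, and files with a company name.
        if not entry or entry["is_dir"] or entry["company"]:
            continue
        # ntpath handles Windows paths regardless of the host OS.
        if ntpath.splitext(entry["path"])[1].lower() not in EXEC_EXT:
            continue
        if entry["path"].lower().startswith(PROFILE_ROOT):
            label = "no-company-executable-in-user-profile"
        else:
            label = "no-company-executable"
        findings.append((label, entry["path"]))
    return findings


if __name__ == "__main__":
    for label, path in triage(SAMPLE):
        print(f"{label:40} {path}")
```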
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,628
    homer77,
    -----------------------------------------------------------
    Stop and Disable The Trusteer Rapport Service
    Go to Start, Run OR Start, Programs, Accessories, Command Prompt and type Services.msc and click OK.
    Scroll down and find the service.

    RapportMgmtService

    Click once on the service to highlight it.
    Right-Click on the service. Click on Properties
    Select the General tab.
    Next to Service Status, click Stop.
    Click the Arrow-down tab on the right-hand side of the Start-up Type box.
    From the drop-down menu, click on Disabled
    Click Apply , then OK
    ----------------------------------------------
    REBOOT the machine in Normal Mode
    ----------------------------------------------
    Perform a Custom Fix with OTL
    (This will be much quicker than last time)
    Run OTL
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      IE - HKU\S-1-5-21-790525478-1383384898-1343024091-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
      
      :Files
      C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
      C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
      C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport
      C:\Program Files\Trusteer\Rapport\bin\js32.dll
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • You DO NOT NEED TO POST the contents of that FIX log file.
    ----------------------------------------------
    After posting the Resulting log, Please Rescan as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.

    Tell me if it is running well enough to be used on its own.
    askey127
     
  9. homer77

    homer77 Thread Starter

    Joined:
    Oct 28, 2013
    Messages:
    19
    Hello

    I tried to disable the Rapport services as you outlined but was unable to do so.
    Under the General tab, all options under Service Status are grayed out.
    Also, when I change the startup type to Disabled and try to click Apply or OK, it gives me an error saying that access is denied.

    I did not perform any of the other steps as I was not sure.

    Thx
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,628
    Please try to perform all the other steps.
    We will take care of Rapport.
     
  11. homer77

    homer77 Thread Starter

    Joined:
    Oct 28, 2013
    Messages:
    19
    Hello,

    The computer is running a lot better...no delays with common tasks. I am using Firefox and still have not tried Chrome, which was crashing before.

    Here is the OTL scan log, thanks

    OTL logfile created on: 11/1/2013 11:17:35 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\All others\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.25 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 59.39% Memory free
    1.69 Gb Paging File | 1.19 Gb Available in Paging File | 70.49% Paging File free
    Paging file location(s): C:\pagefile.sys 600 1200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.84 Gb Total Space | 17.70 Gb Free Space | 31.69% Space Free | Partition Type: NTFS

    Computer Name: VAIDYA | User Name: All others | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/29 20:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    PRC - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2013/10/17 15:04:30 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2013/06/07 20:45:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2013/05/30 11:23:18 | 000,122,984 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    PRC - [2013/05/30 11:19:36 | 000,016,000 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    PRC - [2012/03/27 09:37:18 | 000,036,864 | ---- | M] (Agfa Healthcare Inc.) -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
    PRC - [2011/07/17 12:52:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/04/21 01:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/04/21 01:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/21 01:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/07/27 05:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/02/12 19:01:00 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/28 21:03:06 | 001,127,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2013/10/09 20:58:41 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\303ee4c8a3e5ee6ee63bbb9dccb3ae1d\System.Xml.Linq.ni.dll
    MOD - [2013/10/09 20:56:31 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/09 20:49:44 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
    MOD - [2013/10/09 14:35:28 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d5b949ce49c52b48c6012d4100e9f272\System.ServiceModel.Routing.ni.dll
    MOD - [2013/10/09 14:35:26 | 001,142,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0991480e062731a80dfb4da63488f901\System.ServiceModel.Discovery.ni.dll
    MOD - [2013/10/09 14:35:23 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\499106911ed2b69e2d659e7bdb800ef6\System.ServiceModel.Channels.ni.dll
    MOD - [2013/10/09 14:35:21 | 001,393,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0d621aadc7266eb56c60b58db0c47635\System.ServiceModel.Activities.ni.dll
    MOD - [2013/10/09 14:35:15 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fcda1de189b146359ef01bc4a6ded4a\System.ServiceModel.ni.dll
    MOD - [2013/10/09 14:34:26 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\226bf686752309b3a23a816fa9ee3c09\System.IdentityModel.ni.dll
    MOD - [2013/10/09 14:31:02 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9c1d0ae97ff2771c17212cd15d8c9831\System.Runtime.DurableInstancing.ni.dll
    MOD - [2013/10/09 14:30:56 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b5faab90a38802d89ccf6f9ac4bff440\System.Runtime.Serialization.ni.dll
    MOD - [2013/10/09 12:25:28 | 001,836,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\80a490b1cf884604ab8d3458b1fb762c\Microsoft.VisualBasic.ni.dll
    MOD - [2013/10/08 23:03:56 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
    MOD - [2013/10/08 23:03:04 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
    MOD - [2013/10/08 23:03:01 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
    MOD - [2013/10/08 23:02:45 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1934369c96e549961e8b10309e4d7123\PresentationFramework.ni.dll
    MOD - [2013/10/08 23:02:10 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\c82e4e18d91c1cbf11342da73c7845a6\PresentationCore.ni.dll
    MOD - [2013/10/08 23:01:48 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\e85c48d2567765f4153ee2af6c50dba3\WindowsBase.ni.dll
    MOD - [2013/08/16 08:31:27 | 001,886,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\729ef05a2df18630db7f0a28dd0ec155\System.Web.Services.ni.dll
    MOD - [2013/08/16 08:31:18 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
    MOD - [2013/08/16 08:30:17 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
    MOD - [2013/08/16 08:26:52 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/16 08:26:46 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
    MOD - [2013/08/16 08:26:41 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
    MOD - [2013/08/16 08:26:34 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
    MOD - [2013/08/16 08:24:24 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
    MOD - [2013/08/15 23:10:10 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/15 23:07:24 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
    MOD - [2013/08/15 23:06:38 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
    MOD - [2013/08/15 23:04:55 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
    MOD - [2013/08/15 22:59:52 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/08/06 01:39:21 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
    MOD - [2013/07/14 09:40:17 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2010/07/27 05:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    MOD - [2010/06/17 09:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2013/10/08 21:28:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/04 10:53:24 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/06/07 20:46:05 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2013/06/07 20:45:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2013/05/30 11:19:36 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
    SRV - [2012/04/02 12:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2012/03/27 09:37:18 | 000,036,864 | ---- | M] (Agfa Healthcare Inc.) [Auto | Running] -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe -- (PACS Client Updater)
    SRV - [2011/07/17 12:52:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/04/21 01:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/07/27 05:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2009/09/24 04:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
    SRV - [2009/07/20 07:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLOTH~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2013/10/28 21:02:38 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
    DRV - [2013/10/17 15:04:58 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2013/10/17 15:04:56 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2013/06/07 20:45:35 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2013/05/30 17:37:38 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2012/04/02 14:47:26 | 000,021,992 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP)
    DRV - [2012/04/02 12:17:40 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2011/07/17 12:52:09 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/07/17 12:52:09 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 09:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 09:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/04/21 10:05:44 | 000,015,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
    DRV - [2010/02/18 20:24:58 | 000,085,360 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_15255.SYS -- (NEOFLTR_650_15255)
    DRV - [2010/02/18 20:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2009/08/26 15:26:30 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
    DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2004/02/20 10:13:58 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
    DRV - [2004/02/20 10:13:56 | 000,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2004/01/19 11:28:48 | 000,256,688 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
    DRV - [2003/08/28 23:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2003/05/15 12:09:32 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2002/11/18 11:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
    IE - HKCU\..\SearchScopes,DefaultScope = {D45B4C68-BDA1-4BD2-9ED4-38071862B273}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKCU\..\SearchScopes\{82FE1E3D-180D-4251-B18D-8870048DA9E5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{D45B4C68-BDA1-4BD2-9ED4-38071862B273}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
    FF - prefs.js..extensions.enabledAddons: %7BCF13FA66-1F4F-426d-BB1B-E07A13BFF2C8%7D:5.0.0
    FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:1.0
    FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.94.0
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..keyword.URL: "http://us.search.yahoo.com/search?fr=ytff-comodo&p="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/07/12 13:53:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/04 10:52:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/30 17:58:20 | 000,000,000 | ---D | M]

    [2009/12/23 16:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Extensions
    [2013/10/25 12:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions
    [2013/08/21 10:11:19 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\[email protected]
    [2013/08/20 08:43:06 | 000,003,443 | ---- | M] () (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\[email protected]
    [2013/10/25 12:41:48 | 000,534,765 | ---- | M] () (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013/10/29 19:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/10/04 10:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/10/04 10:53:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/07/12 13:53:36 | 000,000,000 | ---D | M] (Aimersoft Video Converter Ultimate) -- C:\PROGRAM FILES\AIMERSOFT\VIDEO CONVERTER ULTIMATE\SVRFIREFOXEXT
    [2012/12/21 23:12:42 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2012/04/14 11:15:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4GGLL_enDE342DE346
    CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
    CHR - plugin: 20-20 3D Viewer for WEB (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc\5.0.110.94_0\NP_2020Player_WEB.dll
    CHR - plugin: Aimersoft Video Convert Chrome Plugin (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_0\npSVRChromePlugin.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npo1d.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Docs = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Cast = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\13.1008.0.1_0\
    CHR - Extension: Google Search = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: 20-20 3D Viewer for Virtual Studio = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc\5.0.110.94_0\
    CHR - Extension: Aimersoft Video Converter Ultimate = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_0\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Gmail = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/10/02 23:08:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKCU..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: risradiology.com ([v] http in Trusted sites)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251315382204 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1369704505676 (MUWebControl Class)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.spvod.com/soft/vjocx-ch-spvod.cab (VodClient Control Class)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: MIW Deployment https://www.mycommunitypatients.com/downloads/MIWDeploy.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B20CF4CC-D33C-4CFE-8468-570155DE7E1D}: NameServer = 8.26.56.26,156.154.70.22
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/26 14:31:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/30 17:52:48 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/10/29 20:30:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    [2013/10/29 19:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2013/10/28 21:48:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\All others\Desktop\dds.scr
    [2013/10/28 21:44:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All others\Desktop\HijackThis.exe
    [2013/10/17 15:04:56 | 000,108,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2013/10/10 19:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All others\Desktop\Baby
    [2013/10/09 13:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All others\Local Settings\Application Data\Citrix
    [2013/10/04 10:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

    ========== Files - Modified Within 30 Days ==========

    [2013/11/01 23:25:19 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/11/01 23:16:30 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2013/11/01 23:16:28 | 000,043,348 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2013/11/01 23:15:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2013/11/01 23:15:26 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/01 22:42:54 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/01 22:37:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-1343024091-1004UA.job
    [2013/11/01 22:17:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/11/01 17:37:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-1343024091-1004Core.job
    [2013/10/31 21:52:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/10/29 20:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    [2013/10/28 21:14:58 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\jdvrg7fq.exe
    [2013/10/28 21:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\All others\Desktop\dds.scr
    [2013/10/28 21:13:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All others\Desktop\HijackThis.exe
    [2013/10/19 16:52:27 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2013/10/16 14:16:57 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\Shortcut to CD Drive.lnk
    [2013/10/16 14:15:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\My Computer.lnk
    [2013/10/15 23:21:45 | 000,000,596 | ---- | M] () -- C:\WINDOWS\tasks\All others1.job
    [2013/10/15 23:21:43 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\All others DBAgent 2 0.job
    [2013/10/15 23:10:27 | 000,000,594 | ---- | M] () -- C:\WINDOWS\tasks\All others.job
    [2013/10/15 20:04:03 | 000,000,606 | ---- | M] () -- C:\WINDOWS\tasks\All others Merge.job
    [2013/10/14 20:36:55 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\All others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/10/10 19:51:07 | 003,642,877 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\Neel Vaidya.pdf
    [2013/10/10 13:44:36 | 000,152,280 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\MTQwYTI5N2YzMmJkYmI3OHwwLjI= - Mobile_Baby_Registration.pdf
    [2013/10/10 13:43:36 | 000,194,209 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Dear Patient, - medRecords.pdf
    [2013/10/10 13:41:21 | 000,103,197 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - Health_History_Rev_May_2011.pdf
    [2013/10/10 13:40:42 | 000,268,727 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\INFORMED CONSENT FOR ULTRASOUND - ultraConsent.pdf
    [2013/10/10 13:40:26 | 000,269,039 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\paymentPolicy - paymentPolicy.pdf
    [2013/10/10 13:40:00 | 000,172,638 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - regform.pdf
    [2013/10/09 20:42:47 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/10/09 18:21:42 | 000,607,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/10/09 18:21:42 | 000,109,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/10/09 18:12:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/10/09 14:22:42 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/10/08 22:23:22 | 000,379,339 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\clip.jpg

    ========== Files Created - No Company Name ==========

    [2013/10/28 21:48:42 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\jdvrg7fq.exe
    [2013/10/16 14:16:57 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\Shortcut to CD Drive.lnk
    [2013/10/16 14:15:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\My Computer.lnk
    [2013/10/14 22:27:09 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\All others DBAgent 2 0.job
    [2013/10/10 19:51:05 | 003,642,877 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\Neel Vaidya.pdf
    [2013/10/10 13:44:29 | 000,152,280 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\MTQwYTI5N2YzMmJkYmI3OHwwLjI= - Mobile_Baby_Registration.pdf
    [2013/10/10 13:43:01 | 000,194,209 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Dear Patient, - medRecords.pdf
    [2013/10/10 13:41:18 | 000,103,197 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - Health_History_Rev_May_2011.pdf
    [2013/10/10 13:40:39 | 000,268,727 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\INFORMED CONSENT FOR ULTRASOUND - ultraConsent.pdf
    [2013/10/10 13:40:20 | 000,269,039 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\paymentPolicy - paymentPolicy.pdf
    [2013/10/10 13:39:55 | 000,172,638 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - regform.pdf
    [2013/08/04 22:55:29 | 000,155,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-790525478-1383384898-1343024091-1004-0.dat
    [2013/08/04 22:55:17 | 000,155,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/07/12 13:53:31 | 000,721,917 | ---- | C] () -- C:\WINDOWS\System32\AiCM64.dll
    [2013/07/12 13:53:31 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\AiCM32.dll
    [2012/08/19 15:03:55 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All others\Local Settings\Application Data\fusioncache.dat
    [2012/06/02 14:07:03 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\All others\Application Data\SAS7_000.DAT
    [2012/04/11 11:10:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/13 15:27:36 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2010/09/12 08:32:30 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\All others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2012/05/28 16:14:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2010/09/09 10:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/08/07 17:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Aimersoft Video Converter Ultimate
    [2011/09/18 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Canon
    [2011/09/14 22:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Canon Easy-WebPrint EX
    [2012/12/21 23:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Catalina Marketing Corp
    [2013/10/14 19:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Dropbox
    [2013/01/30 22:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\ElevatedDiagnostics
    [2012/06/06 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\FileZilla
    [2013/01/30 21:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Freecorder 7 Video
    [2010/09/17 17:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\ImgBurn
    [2009/11/28 05:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\InfraRecorder
    [2012/08/19 14:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Juniper Networks
    [2009/11/28 05:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Leadertech
    [2010/09/12 08:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Leawo
    [2009/12/11 12:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Lexmark Productivity Studio
    [2010/03/06 08:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\mjusbsp
    [2013/02/04 12:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\MyPublisher
    [2012/05/28 15:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Nuance
    [2011/11/13 15:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\PrimoPDF
    [2013/08/04 11:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Seagate
    [2011/11/13 15:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Softland
    [2012/05/28 09:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\TeamViewer
    [2011/08/24 19:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\TechWizard
    [2010/09/17 16:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\Uniblue
    [2013/07/12 13:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All others\Application Data\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
    [2013/10/02 22:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/10/28 20:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aimersoft Video Converter Ultimate
    [2011/09/14 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
    [2011/09/14 22:29:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/09/14 22:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
    [2011/09/18 20:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
    [2011/09/18 20:27:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2011/09/14 22:48:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
    [2011/09/14 22:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
    [2011/09/14 22:46:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
    [2011/09/14 22:48:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
    [2013/10/01 22:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2011/09/18 20:30:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2011/09/14 22:48:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
    [2011/09/14 22:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
    [2012/09/20 08:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitbit
    [2010/04/18 14:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2012/08/08 21:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2013/08/07 09:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2012/05/28 15:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2013/08/04 11:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2012/06/06 17:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2013/08/13 14:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2013/07/12 10:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare AllMyTube
    [2013/07/11 18:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare Application Common Data
    [2013/07/12 13:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare Player
    [2013/10/15 22:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
    [2010/11/12 05:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/25 07:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24211BA

    < End of report >
     
  12. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,628
    homer77,
    If OTL can't do it, you may need to manually go in and remove the Coupon Printer plug-in from Chrome.
    You don't want that on your system.
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :OTL
      SRV - [2013/10/17 15:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
      DRV - [2013/10/28 21:02:38 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
      DRV - [2013/10/17 15:04:58 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
      DRV - [2013/10/17 15:04:56 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
      DRV - [2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
      DRV - [2010/04/21 10:05:44 | 000,015,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
      CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
      CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
      @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24211BA
      
      :Files
      C:\Program Files\Trusteer
      C:\WINDOWS\System32\drivers\RapportKELL.sys
      C:\WINDOWS\system32\drivers\hitmanpro35.sys
      C:\Documents and Settings\All Users\Application Data\Trusteer
      C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
      C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
      ipconfig /flushdns /c
      
      :Commands
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • You DO NOT NEED to post the contents of that file.
    ----------------------------------------------
    Please Rescan with OTL as follows:
    Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your reply.
    askey127
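
An added example, not part of askey127's post and not OTL's own code: a Python parser for the `SRV`/`DRV` and Alternate Data Stream lines that appear in the OTL output and in the fix above, with a few review heuristics applied to them. The sample lines are copied from the logs in this thread; the names `USER_WRITABLE`, `triage`, `review` and `streams` and the reason strings are assumptions of this example, and a reason marks an entry for a closer look rather than giving a verdict.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the OTL output posted in this thread.
SAMPLE = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLOTH~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/10/28 20:02:38 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/17 14:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/17 11:52:09 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
SRV - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
"""

# PREFIX - [stamp | size | attrs | M] (company) [flags] -- path -- (service name)
# or, when the image is missing: PREFIX - File not found [flags] -- path -- (service name)
ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r" \[(?P<flags>[^\]]+)\] -- (?P<path>.*?) ?-- \((?P<name>[^)]*)\)$"
)
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")

# Assumption of this example: directories an ordinary XP user account can write to.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\locals~1\\")


@dataclass
class Entry:
    kind: str       # SRV or DRV
    name: str       # service name from the trailing parentheses
    path: str       # image path, empty when OTL printed none
    company: str    # version-info company, empty when OTL printed "()"
    flags: list     # e.g. ["Kernel", "System", "Running"]
    missing: bool   # True for "File not found" entries


def parse_line(line):
    """Return an Entry for an SRV/DRV line, or None for anything else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"],
        name=m["name"],
        path=m["path"],
        company=(m["company"] or "").strip(),
        flags=[f.strip() for f in m["flags"].split("|")],
        missing=m["missing"] is not None,
    )


def triage(entry):
    """Return the list of reasons an entry deserves a manual look (may be empty)."""
    reasons = []
    lowered = entry.path.lower()
    if entry.kind == "DRV" and any(d in lowered for d in USER_WRITABLE):
        reasons.append("driver image in a user-writable directory")
    if not entry.missing and not entry.company:
        reasons.append("no company name in version info")
    if entry.missing and entry.path:
        reasons.append("service registered but image file is gone")
    return reasons


def review(text):
    """Map service name -> reasons for every SRV/DRV line with at least one reason."""
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


def streams(text):
    """Return (host path, stream name, size in bytes) for each ADS line."""
    found = []
    for line in text.splitlines():
        m = ADS.match(line.strip())
        if m:
            found.append((m["path"], m["stream"], int(m["size"])))
    return found


if __name__ == "__main__":
    for name, reasons in review(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
    for path, stream, size in streams(SAMPLE):
        print(f"ADS {stream} ({size} bytes) on {path}")
```
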
     
  13. homer77

    homer77 Thread Starter

    Joined:
    Oct 28, 2013
    Messages:
    19
    Hello,

    Here's the OTL log... please guide me on how to remove the plugin from Chrome. Thanks.
    OTL logfile created on: 11/3/2013 5:26:05 PM - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\All others\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.25 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 48.78% Memory free
    1.69 Gb Paging File | 1.15 Gb Available in Paging File | 68.08% Paging File free
    Paging file location(s): C:\pagefile.sys 600 1200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.84 Gb Total Space | 17.61 Gb Free Space | 31.53% Space Free | Partition Type: NTFS

    Computer Name: VAIDYA | User Name: All others | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/29 19:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    PRC - [2013/10/17 14:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2013/10/17 14:04:30 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2013/06/07 19:45:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2013/05/30 10:23:18 | 000,122,984 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    PRC - [2013/05/30 10:19:36 | 000,016,000 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    PRC - [2012/03/27 08:37:18 | 000,036,864 | ---- | M] (Agfa Healthcare Inc.) -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
    PRC - [2011/07/17 11:52:08 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/04/21 00:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/04/21 00:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/21 00:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2010/02/18 19:22:04 | 000,615,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/02/12 18:01:00 | 000,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/28 20:03:06 | 001,127,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
    MOD - [2013/10/09 19:58:41 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\303ee4c8a3e5ee6ee63bbb9dccb3ae1d\System.Xml.Linq.ni.dll
    MOD - [2013/10/09 19:56:31 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
    MOD - [2013/10/09 19:49:44 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\83cd19e8259b8dd9435c1c3f8f31b60c\System.Core.ni.dll
    MOD - [2013/10/09 13:35:28 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d5b949ce49c52b48c6012d4100e9f272\System.ServiceModel.Routing.ni.dll
    MOD - [2013/10/09 13:35:26 | 001,142,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0991480e062731a80dfb4da63488f901\System.ServiceModel.Discovery.ni.dll
    MOD - [2013/10/09 13:35:23 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\499106911ed2b69e2d659e7bdb800ef6\System.ServiceModel.Channels.ni.dll
    MOD - [2013/10/09 13:35:21 | 001,393,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0d621aadc7266eb56c60b58db0c47635\System.ServiceModel.Activities.ni.dll
    MOD - [2013/10/09 13:35:15 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fcda1de189b146359ef01bc4a6ded4a\System.ServiceModel.ni.dll
    MOD - [2013/10/09 13:34:26 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\226bf686752309b3a23a816fa9ee3c09\System.IdentityModel.ni.dll
    MOD - [2013/10/09 13:31:02 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9c1d0ae97ff2771c17212cd15d8c9831\System.Runtime.DurableInstancing.ni.dll
    MOD - [2013/10/09 13:30:56 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b5faab90a38802d89ccf6f9ac4bff440\System.Runtime.Serialization.ni.dll
    MOD - [2013/10/09 11:25:28 | 001,836,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\80a490b1cf884604ab8d3458b1fb762c\Microsoft.VisualBasic.ni.dll
    MOD - [2013/10/08 22:03:56 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
    MOD - [2013/10/08 22:03:04 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
    MOD - [2013/10/08 22:03:01 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll
    MOD - [2013/10/08 22:02:45 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1934369c96e549961e8b10309e4d7123\PresentationFramework.ni.dll
    MOD - [2013/10/08 22:02:10 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\c82e4e18d91c1cbf11342da73c7845a6\PresentationCore.ni.dll
    MOD - [2013/10/08 22:01:48 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\e85c48d2567765f4153ee2af6c50dba3\WindowsBase.ni.dll
    MOD - [2013/08/16 07:31:27 | 001,886,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\729ef05a2df18630db7f0a28dd0ec155\System.Web.Services.ni.dll
    MOD - [2013/08/16 07:31:18 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
    MOD - [2013/08/16 07:30:17 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll
    MOD - [2013/08/16 07:26:52 | 000,762,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8927b576eb15c4a8f4bb04f05e7cc51e\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/16 07:26:46 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
    MOD - [2013/08/16 07:26:41 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll
    MOD - [2013/08/16 07:26:34 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
    MOD - [2013/08/16 07:24:24 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
    MOD - [2013/08/15 22:10:10 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
    MOD - [2013/08/15 22:07:24 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
    MOD - [2013/08/15 22:06:38 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
    MOD - [2013/08/15 22:04:55 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
    MOD - [2013/08/15 21:59:52 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
    MOD - [2013/08/06 00:39:21 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
    MOD - [2013/07/14 08:40:17 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
    MOD - [2013/01/28 12:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/01/28 12:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/02/28 17:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    MOD - [2010/06/17 08:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


    ========== Services (SafeList) ==========

    SRV - [2013/10/17 14:04:32 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2013/10/08 20:28:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/04 09:53:24 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/06/07 19:46:05 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2013/06/07 19:45:29 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2013/05/30 10:19:36 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
    SRV - [2012/04/02 11:17:40 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2012/03/27 08:37:18 | 000,036,864 | ---- | M] (Agfa Healthcare Inc.) [Auto | Running] -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe -- (PACS Client Updater)
    SRV - [2011/07/17 11:52:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/04/21 00:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/07/27 04:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2010/02/18 19:22:04 | 000,615,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2009/09/24 03:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
    SRV - [2009/07/20 06:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLOTH~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2013/10/28 20:02:38 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
    DRV - [2013/10/17 14:04:58 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2013/10/17 14:04:56 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2013/10/17 14:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2013/06/07 19:45:35 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2013/05/30 16:37:38 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2012/04/02 13:47:26 | 000,021,992 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP)
    DRV - [2012/04/02 11:17:40 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2011/07/17 11:52:09 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/07/17 11:52:09 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 08:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 08:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2010/02/18 19:24:58 | 000,085,360 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_15255.SYS -- (NEOFLTR_650_15255)
    DRV - [2010/02/18 19:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2009/08/26 14:26:30 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
    DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2004/02/20 09:13:58 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
    DRV - [2004/02/20 09:13:56 | 000,312,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2004/01/19 10:28:48 | 000,256,688 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97)
    DRV - [2003/08/28 22:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2003/05/15 11:09:32 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2002/11/18 10:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
    IE - HKCU\..\SearchScopes,DefaultScope = {D45B4C68-BDA1-4BD2-9ED4-38071862B273}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKCU\..\SearchScopes\{82FE1E3D-180D-4251-B18D-8870048DA9E5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{D45B4C68-BDA1-4BD2-9ED4-38071862B273}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
    FF - prefs.js..extensions.enabledAddons: %7BCF13FA66-1F4F-426d-BB1B-E07A13BFF2C8%7D:5.0.0
    FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:1.0
    FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.94.0
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..keyword.URL: "http://us.search.yahoo.com/search?fr=ytff-comodo&p="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}: C:\Program Files\Aimersoft\Video Converter Ultimate\SVRFirefoxExt\ [2013/07/12 12:53:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/04 09:52:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/30 16:58:20 | 000,000,000 | ---D | M]

    [2009/12/23 15:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Extensions
    [2013/10/25 11:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions
    [2013/08/21 09:11:19 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\[email protected]
    [2013/08/20 07:43:06 | 000,003,443 | ---- | M] () (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\[email protected]
    [2013/10/25 11:41:48 | 000,534,765 | ---- | M] () (No name found) -- C:\Documents and Settings\All others\Application Data\Mozilla\Firefox\Profiles\fs4ut0ip.default-1370650309639\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013/10/29 18:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/10/04 09:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/10/04 09:53:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/07/12 12:53:36 | 000,000,000 | ---D | M] (Aimersoft Video Converter Ultimate) -- C:\PROGRAM FILES\AIMERSOFT\VIDEO CONVERTER ULTIMATE\SVRFIREFOXEXT
    [2012/12/21 22:12:42 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2012/04/14 10:15:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/webhp?sourceid=navclient&ie=UTF-8&rlz=1T4GGLL_enDE342DE346
    CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
    CHR - plugin: 20-20 3D Viewer for WEB (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc\5.0.110.94_0\NP_2020Player_WEB.dll
    CHR - plugin: Aimersoft Video Convert Chrome Plugin (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_0\npSVRChromePlugin.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\All others\Application Data\Mozilla\plugins\npo1d.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Docs = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Cast = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\13.1008.0.1_0\
    CHR - Extension: Google Search = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: 20-20 3D Viewer for Virtual Studio = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc\5.0.110.94_0\
    CHR - Extension: Aimersoft Video Converter Ultimate = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb\5.0.0_0\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Gmail = C:\Documents and Settings\All others\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/10/02 22:08:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Aimersoft Video Converter Ultimate) - {54F73992-6549-4369-9A0D-84FD310A464A} - C:\Program Files\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll (Aimersoft Software Co., Ltd.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKCU..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: risradiology.com ([v] http in Trusted sites)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251315382204 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1369704505676 (MUWebControl Class)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.spvod.com/soft/vjocx-ch-spvod.cab (VodClient Control Class)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: MIW Deployment https://www.mycommunitypatients.com/downloads/MIWDeploy.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF50B70-8ABF-48EA-8E72-ED97E2543967}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B20CF4CC-D33C-4CFE-8468-570155DE7E1D}: NameServer = 8.26.56.26,156.154.70.22
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/08/26 13:31:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/30 16:52:48 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/10/29 19:30:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    [2013/10/29 18:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2013/10/28 20:48:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\All others\Desktop\dds.scr
    [2013/10/28 20:44:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All others\Desktop\HijackThis.exe
    [2013/10/17 14:04:56 | 000,108,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2013/10/10 18:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All others\Desktop\Baby
    [2013/10/09 12:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All others\Local Settings\Application Data\Citrix
    [2013/10/08 20:34:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
    [2013/10/08 20:28:30 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
    [2013/10/08 20:28:29 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
    [2013/10/08 20:26:12 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
    [2013/10/08 20:26:12 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
    [2013/10/08 20:26:11 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys

    ========== Files - Modified Within 30 Days ==========

    [2013/11/03 17:25:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/11/03 17:23:02 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2013/11/03 17:22:59 | 000,043,348 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2013/11/03 17:21:26 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2013/11/03 17:21:04 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/03 17:19:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/11/03 16:59:18 | 000,607,354 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/11/03 16:59:17 | 000,109,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/11/03 16:47:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/11/02 11:42:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/02 11:37:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-1343024091-1004UA.job
    [2013/11/01 16:37:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1383384898-1343024091-1004Core.job
    [2013/10/29 19:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All others\Desktop\OTL.exe
    [2013/10/28 20:14:58 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\jdvrg7fq.exe
    [2013/10/28 20:14:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\All others\Desktop\dds.scr
    [2013/10/28 20:13:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All others\Desktop\HijackThis.exe
    [2013/10/19 15:52:27 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/10/17 14:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
    [2013/10/16 13:16:57 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\Shortcut to CD Drive.lnk
    [2013/10/16 13:15:28 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\My Computer.lnk
    [2013/10/15 22:21:45 | 000,000,596 | ---- | M] () -- C:\WINDOWS\tasks\All others1.job
    [2013/10/15 22:21:43 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\All others DBAgent 2 0.job
    [2013/10/15 22:10:27 | 000,000,594 | ---- | M] () -- C:\WINDOWS\tasks\All others.job
    [2013/10/15 19:04:03 | 000,000,606 | ---- | M] () -- C:\WINDOWS\tasks\All others Merge.job
    [2013/10/14 19:36:55 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\All others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/10/10 18:51:07 | 003,642,877 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\Neel Vaidya.pdf
    [2013/10/10 12:44:36 | 000,152,280 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\MTQwYTI5N2YzMmJkYmI3OHwwLjI= - Mobile_Baby_Registration.pdf
    [2013/10/10 12:43:36 | 000,194,209 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Dear Patient, - medRecords.pdf
    [2013/10/10 12:41:21 | 000,103,197 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - Health_History_Rev_May_2011.pdf
    [2013/10/10 12:40:42 | 000,268,727 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\INFORMED CONSENT FOR ULTRASOUND - ultraConsent.pdf
    [2013/10/10 12:40:26 | 000,269,039 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\paymentPolicy - paymentPolicy.pdf
    [2013/10/10 12:40:00 | 000,172,638 | ---- | M] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - regform.pdf
    [2013/10/09 19:42:47 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/10/09 17:12:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/10/09 13:22:42 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/10/08 21:23:22 | 000,379,339 | ---- | M] () -- C:\Documents and Settings\All others\Desktop\clip.jpg
    [2013/10/08 20:28:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/10/08 20:28:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2013/10/28 20:48:42 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\jdvrg7fq.exe
    [2013/10/16 13:16:57 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\Shortcut to CD Drive.lnk
    [2013/10/16 13:15:28 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\My Computer.lnk
    [2013/10/14 21:27:09 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\All others DBAgent 2 0.job
    [2013/10/10 18:51:05 | 003,642,877 | ---- | C] () -- C:\Documents and Settings\All others\Desktop\Neel Vaidya.pdf
    [2013/10/10 12:44:29 | 000,152,280 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\MTQwYTI5N2YzMmJkYmI3OHwwLjI= - Mobile_Baby_Registration.pdf
    [2013/10/10 12:43:01 | 000,194,209 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Dear Patient, - medRecords.pdf
    [2013/10/10 12:41:18 | 000,103,197 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - Health_History_Rev_May_2011.pdf
    [2013/10/10 12:40:39 | 000,268,727 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\INFORMED CONSENT FOR ULTRASOUND - ultraConsent.pdf
    [2013/10/10 12:40:20 | 000,269,039 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\paymentPolicy - paymentPolicy.pdf
    [2013/10/10 12:39:55 | 000,172,638 | ---- | C] () -- C:\Documents and Settings\All others\My Documents\Greater Washington Maternal-Fetal Medicine and Genetics - regform.pdf
    [2013/08/04 21:55:29 | 000,155,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-790525478-1383384898-1343024091-1004-0.dat
    [2013/08/04 21:55:17 | 000,155,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/07/12 12:53:31 | 000,721,917 | ---- | C] () -- C:\WINDOWS\System32\AiCM64.dll
    [2013/07/12 12:53:31 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\AiCM32.dll
    [2012/08/19 14:03:55 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All others\Local Settings\Application Data\fusioncache.dat
    [2012/06/02 13:07:03 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\All others\Application Data\SAS7_000.DAT
    [2012/04/11 10:10:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/11/13 14:27:36 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2010/09/12 07:32:30 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\All others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2012/05/28 15:14:46 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2010/09/09 09:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
     
  14. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    2,628
    Open Chrome
    In the address bar at the top, type the following:
    chrome:\\plugins
    Look down the list and click the "Disable" link for any labeled "Coupon printer"
     
  15. homer77

    homer77 Thread Starter

    Joined:
    Oct 28, 2013
    Messages:
    19
    disabled coupon printer in chrome successfully...thx
     

Short URL to this thread: https://techguy.org/1111713