# Yontoo



## Brigham (Aug 24, 2010)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 2
RAM: 3892 Mb
Graphics Card: Intel(R) HD Graphics, 1722 Mb
Hard Drives: C: Total - 51200 MB, Free - 21450 MB; D: Total - 251992 MB, Free - 108171 MB;
Motherboard: FUJITSU, FJNBB06
Antivirus: Microsoft Security Essentials, Updated and Enabled

Hello chaps,
Under programs and features, I find a yontoo 1.10.02. I don't need it, but it will not uninstall. I don't like things on the machine I have no control over. Is there an easy way to get rid of it?


----------



## Mhouser (Jan 21, 2008)

Revo Uninstaller is great for getting rid of programs with broken/missing uninstallers. 
http://www.revouninstaller.com


----------



## Brigham (Aug 24, 2010)

Mhouser said:


> Revo Uninstaller is great for getting rid of programs with broken/missing uninstallers.
> http://www.revouninstaller.com


I would use Revo, which I have on my computer, however Yontoo does not appear on the revo page. Is there a way of using Revo in the Program list?


----------



## Mhouser (Jan 21, 2008)

Are you able to start the Yontoo program? 
See if Revo hunter mode can uninstall it that way.


----------



## Brigham (Aug 24, 2010)

Mhouser said:


> Are you able to start the Yontoo program?
> See if Revo hunter mode can uninstall it that way.


It won't open. I get a message "setup initialisation error"


----------



## mtzlplex (Aug 5, 2002)

Don't know if this will be of any help to you or not with your problem as I am not familiar with Yontoo, but you might want to have a read. It is found here: http://www.pagerage.com/uninstall-pagerage.aspx


----------



## Brigham (Aug 24, 2010)

IMP49 said:


> Don't know if this will be of any help to you or not with your problem as I am not familiar with Yontoo, but you might want to have a read. It is found here: http://www.pagerage.com/uninstall-pagerage.aspx


This just tells me to uninstall in the control panel. I did try to contact Yontoo HQ by email, perhaps they can help me.


----------



## mtzlplex (Aug 5, 2002)

It also shows you how to disable Yontoo in your browser if for some reason you don't get it uninstalled.


----------



## Brigham (Aug 24, 2010)

IMP49 said:


> It also shows you how to disable Yontoo in your browser if for some reason you don't get it uninstalled.


As I can't get it to do anything, it is really acting as if it is disabled. I feel rather annoyed though. It just sits there smugly, challenging me to do something about it.


----------



## mtzlplex (Aug 5, 2002)

What browser are you using?


----------



## Brigham (Aug 24, 2010)

IMP49 said:


> What browser are you using?


I use google chrome, and Firefox mostly.


----------



## mtzlplex (Aug 5, 2002)

I am not familiar with Chrome, but I do have Firefox. When you open Firefox, click on tools, then add ons, does Yontoo show up in the add ons?


----------



## Brigham (Aug 24, 2010)

IMP49 said:


> I am not familiar with Chrome, but I do have Firefox. When you open Firefox, click on tools, then add ons, does Yontoo show up in the add ons?


No it doesn't.


----------



## mtzlplex (Aug 5, 2002)

How about chrome, does it show up in chrome add ons? Also, do you have something called PageRage in add/remove programs?


----------



## Brigham (Aug 24, 2010)

PageRage is nowhere on my computer.


----------



## mtzlplex (Aug 5, 2002)

You didn't answer my first question, does Yontoo show up in Google Chrome add ons?


----------



## Brigham (Aug 24, 2010)

IMP49 said:


> You didn't answer my first question, does Yontoo show up in Google Chrome add ons?


No it doesn't. I have searched and it is not to be found. Yontoo is sitting in "Features and Programs" but does not appear when I search from the start menu.


----------
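Programs and Features is populated from the Uninstall keys in the registry, so an entry that refuses to uninstall, is missing from Revo's list and does not turn up in a Start-menu search can still be located there. The script below is an added example, not something posted in the thread: it lists every Uninstall entry whose DisplayName contains a given string (Yontoo 1.10.02 and the 64-bit Windows 7 machine are taken from the thread; the `-Name` and `-Remove` parameters and the backup location are assumptions), shows the UninstallString it points at and tests whether that executable still exists. A "setup initialisation error" normally comes from the setup program that the UninstallString launches rather than from Windows, so whether that file is still present is the first thing worth checking.

```powershell
# Added example (not from the thread): locate the Programs and Features entry
# for a program that will not uninstall, show what its uninstaller points at,
# and check whether that executable still exists. Nothing is deleted unless
# -Remove is passed, and the key is exported to a .reg backup first.
# Run from an elevated PowerShell prompt; HKLM keys need administrator rights.
param(
    [string]$Name = 'Yontoo',   # substring matched against DisplayName (assumption)
    [switch]$Remove
)

# Programs and Features reads these hives/views on 64-bit Windows.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallExe([string]$cmd) {
    # Pull the executable path out of an UninstallString such as
    #   "C:\Program Files (x86)\Foo\uninstall.exe" /S    or    C:\foo\unins.exe /x
    if (-not $cmd) { return $null }
    if ($cmd -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($cmd -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $null
}

foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.DisplayName -and $p.DisplayName -like "*$Name*") {
            $exe    = Get-UninstallExe $p.UninstallString
            $exists = $false
            if ($exe) { $exists = Test-Path -LiteralPath $exe }

            [pscustomobject]@{
                Key               = $_.Name          # e.g. HKEY_LOCAL_MACHINE\SOFTWARE\...\Uninstall\{GUID}
                DisplayName       = $p.DisplayName
                DisplayVersion    = $p.DisplayVersion
                InstallLocation   = $p.InstallLocation
                UninstallString   = $p.UninstallString
                UninstallerExists = $exists
            } | Format-List

            if ($Remove) {
                # Export the key before removing the orphaned entry so it can be restored.
                $backup = Join-Path $env:TEMP ("{0}-{1}.reg" -f $_.PSChildName, (Get-Date -Format yyyyMMddHHmmss))
                reg.exe export $_.Name $backup /y | Out-Null
                Remove-Item -Path $_.PSPath -Recurse
                Write-Host "Removed $($_.Name) (backup: $backup)"
            }
        }
    }
}
```

Run it once without `-Remove` to see what the entry points at. If `UninstallerExists` is true, run that program directly (from an elevated prompt) before anything else. Removing the key with `-Remove` only takes the entry out of Programs and Features; it deletes no files, browser helper objects or browser preferences, which is why the thread is moved on to scanner logs rather than stopping at the registry.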



## dvk01 (Dec 14, 2002)

Moved to malware removal for help.
Follow the advice *here* and post the logs those programs make.


----------



## Brigham (Aug 24, 2010)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 16/01/2012 14:29:34
System Uptime: 30/06/2012 07:55:23 (2 hours ago)
.
Motherboard: FUJITSU | | FJNBB06
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz | On Board | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 50 GiB total, 20.907 GiB free.
D: is FIXED (NTFS) - 246 GiB total, 105.637 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP187: 29/06/2012 18:12:37 - Scheduled Checkpoint
RP188: 29/06/2012 21:32:10 - Revo Uninstaller's restore point - Google Earth
RP189: 29/06/2012 21:32:26 - Removed Google Earth.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
BT Broadband Desktop Help
CyberLink YouCam
DeskUpdate 4.12
Fujitsu Display Manager
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Google Chrome
Google Earth
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 33
LifeBook Application Panel
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
Power Saving Utility
Quick Bridge 3.1 (remove only)
Rapport
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.93
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SpywareBlaster 4.6
System Requirements Lab for Intel
SystemDiagnostics
TuneUp Utilities Language Pack (en-GB)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
.
==== Event Viewer Messages From Past Week ========
.
29/06/2012 18:09:27, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
29/06/2012 16:27:58, Error: Service Control Manager [7000] - The MRESP50a64 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
29/06/2012 16:20:14, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9240EEB7-371D-4AF6-B63B-06FF3317661A} because another computer on the network has the same name. The server could not start.
29/06/2012 16:20:14, Error: NetBT [4321] - The name "GEMINI :20" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.65 did not allow the name to be claimed by this computer.
29/06/2012 16:20:10, Error: NetBT [4321] - The name "GEMINI :0" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.65 did not allow the name to be claimed by this computer.
25/06/2012 14:52:23, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by John at 9:01:09 on 2012-06-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3893.2273 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [DeskUpdateNotifier] "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"
mRun: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8228BD9E-DDC8-46E7-A8E7-AE684F09E144} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9240EEB7-371D-4AF6-B63B-06FF3317661A} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9240EEB7-371D-4AF6-B63B-06FF3317661A}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{9240EEB7-371D-4AF6-B63B-06FF3317661A}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [DeskUpdateNotifier] "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"
mRun-x64: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun-x64: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lgla0ssu.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 500c2722-4878-437e-bced-afa4402cf364
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 rstfltr;rstfltr;C:\Windows\system32\drivers\rstfltr.sys --> C:\Windows\system32\drivers\rstfltr.sys [?]
R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-5-12 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-6-8 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-6-8 297048]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-1-23 517632]
R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-6-23 330240]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2009-7-30 63336]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-6-8 976728]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
R2 VFPRadioSupportService;Bluetooth Feature Support;C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys --> C:\Windows\system32\DRIVERS\FUJ02E3.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 rstescu;rstescu;C:\Windows\system32\drivers\rstescu.sys --> C:\Windows\system32\drivers\rstescu.sys [?]
S3 rstescu1;rstescu1;C:\Windows\system32\drivers\rstescu1.sys --> C:\Windows\system32\drivers\rstescu1.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-29 15:31:09	9013136	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75405BE5-9AB2-40B9-BD74-45AFD35C9BD9}\mpengine.dll
2012-06-28 21:57:00	--------	d-----w-	C:\sh4ldr
2012-06-28 21:57:00	--------	d-----w-	C:\Program Files\Enigma Software Group
2012-06-28 21:56:15	--------	d-----w-	C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-28 21:56:14	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-28 21:16:21	--------	d-----w-	C:\Users\John\AppData\Local\Deployment
2012-06-28 21:16:21	--------	d-----w-	C:\Users\John\AppData\Local\Apps
2012-06-28 15:04:05	9013136	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 09:51:15	--------	d-----w-	C:\Users\John\AppData\Local\Macromedia
2012-06-21 11:20:21	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-21 11:20:12	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-21 11:19:57	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-21 11:19:57	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-19 18:27:33	--------	d-----w-	C:\Users\John\AppData\Roaming\Firetrust
2012-06-19 18:27:09	--------	d-----w-	C:\Program Files (x86)\Firetrust
2012-06-17 19:20:29	--------	d-----w-	C:\MGADiagToolOutput
2012-06-13 17:29:36	544008	----a-w-	C:\Windows\System32\npdeployJava1.dll
2012-06-13 17:27:14	476936	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2012-06-13 17:02:46	3216384	----a-w-	C:\Windows\System32\msi.dll
2012-06-12 20:25:07	927800	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 20:25:07	927800	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4F8784E-456E-4CB0-B1F4-8B609AE3D729}\gapaengine.dll
2012-06-08 19:06:17	85472	----a-w-	C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-08 19:06:17	770384	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 19:06:17	421200	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-22 11:55:27	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 11:55:27	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-13 17:29:28	525576	----a-w-	C:\Windows\System32\deployJava1.dll
2012-06-13 17:27:03	472840	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-06-08 20:42:30	101400	----a-w-	C:\Windows\System32\drivers\RapportKE64.sys
2012-05-18 02:06:48	2311680	----a-w-	C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-05-18 01:58:39	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37	1800192	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33	3146752	----a-w-	C:\Windows\System32\win32k.sys
2012-05-05 12:32:13	8744608	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20	209920	----a-w-	C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2012-04-24 16:13:24	54728	----a-w-	C:\Windows\System32\drivers\Soluto.sys
2012-04-24 05:37:37	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37	140288	----a-w-	C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36	1462272	----a-w-	C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42	1158656	----a-w-	C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2012-04-07 11:26:29	2342400	----a-w-	C:\Windows\SysWow64\msi.dll
2012-04-04 14:56:40	24904	----a-w-	C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 9:01:43.94 ===============

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 500c2722-4878-437e-bced-afa4402cf364
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 rstfltr;rstfltr;C:\Windows\system32\drivers\rstfltr.sys --> C:\Windows\system32\drivers\rstfltr.sys [?]
R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-5-12 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-6-8 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-6-8 297048]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-1-23 517632]
R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-6-23 330240]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2009-7-30 63336]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-6-8 976728]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
R2 VFPRadioSupportService;Bluetooth Feature Support;C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys --> C:\Windows\system32\DRIVERS\FUJ02E3.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 rstescu;rstescu;C:\Windows\system32\drivers\rstescu.sys --> C:\Windows\system32\drivers\rstescu.sys [?]
S3 rstescu1;rstescu1;C:\Windows\system32\drivers\rstescu1.sys --> C:\Windows\system32\drivers\rstescu1.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-29 15:31:09	9013136	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75405BE5-9AB2-40B9-BD74-45AFD35C9BD9}\mpengine.dll
2012-06-28 21:57:00	--------	d-----w-	C:\sh4ldr
2012-06-28 21:57:00	--------	d-----w-	C:\Program Files\Enigma Software Group
2012-06-28 21:56:15	--------	d-----w-	C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-28 21:56:14	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-28 21:16:21	--------	d-----w-	C:\Users\John\AppData\Local\Deployment
2012-06-28 21:16:21	--------	d-----w-	C:\Users\John\AppData\Local\Apps
2012-06-28 15:04:05	9013136	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 09:51:15	--------	d-----w-	C:\Users\John\AppData\Local\Macromedia
2012-06-21 11:20:21	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-21 11:20:12	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-21 11:19:57	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-21 11:19:57	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-19 18:27:33	--------	d-----w-	C:\Users\John\AppData\Roaming\Firetrust
2012-06-19 18:27:09	--------	d-----w-	C:\Program Files (x86)\Firetrust
2012-06-17 19:20:29	--------	d-----w-	C:\MGADiagToolOutput
2012-06-13 17:29:36	544008	----a-w-	C:\Windows\System32\npdeployJava1.dll
2012-06-13 17:27:14	476936	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2012-06-13 17:02:46	3216384	----a-w-	C:\Windows\System32\msi.dll
2012-06-12 20:25:07	927800	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 20:25:07	927800	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4F8784E-456E-4CB0-B1F4-8B609AE3D729}\gapaengine.dll
2012-06-08 19:06:17	85472	----a-w-	C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-08 19:06:17	770384	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 19:06:17	421200	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-22 11:55:27	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 11:55:27	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-13 17:29:28	525576	----a-w-	C:\Windows\System32\deployJava1.dll
2012-06-13 17:27:03	472840	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-06-08 20:42:30	101400	----a-w-	C:\Windows\System32\drivers\RapportKE64.sys
2012-05-18 02:06:48	2311680	----a-w-	C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-05-18 01:58:39	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37	1800192	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33	3146752	----a-w-	C:\Windows\System32\win32k.sys
2012-05-05 12:32:13	8744608	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20	209920	----a-w-	C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2012-04-24 16:13:24	54728	----a-w-	C:\Windows\System32\drivers\Soluto.sys
2012-04-24 05:37:37	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37	140288	----a-w-	C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36	1462272	----a-w-	C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42	1158656	----a-w-	C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2012-04-07 11:26:29	2342400	----a-w-	C:\Windows\SysWow64\msi.dll
2012-04-04 14:56:40	24904	----a-w-	C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 9:01:43.94 ===============


----------



## Brigham (Aug 24, 2010)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by John at 9:01:09 on 2012-06-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3893.2273 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [DeskUpdateNotifier] "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"
mRun: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8228BD9E-DDC8-46E7-A8E7-AE684F09E144} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9240EEB7-371D-4AF6-B63B-06FF3317661A} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9240EEB7-371D-4AF6-B63B-06FF3317661A}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{9240EEB7-371D-4AF6-B63B-06FF3317661A}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [DeskUpdateNotifier] "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"
mRun-x64: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun-x64: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lgla0ssu.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 500c2722-4878-437e-bced-afa4402cf364
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R0 rstfltr;rstfltr;C:\Windows\system32\drivers\rstfltr.sys --> C:\Windows\system32\drivers\rstfltr.sys [?]
R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-5-12 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-6-8 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-6-8 297048]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-1-23 517632]
R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-6-23 330240]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2009-7-30 63336]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-6-8 976728]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
R2 VFPRadioSupportService;Bluetooth Feature Support;C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys --> C:\Windows\system32\DRIVERS\FUJ02E3.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-16 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 rstescu;rstescu;C:\Windows\system32\drivers\rstescu.sys --> C:\Windows\system32\drivers\rstescu.sys [?]
S3 rstescu1;rstescu1;C:\Windows\system32\drivers\rstescu1.sys --> C:\Windows\system32\drivers\rstescu1.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-29 15:31:09	9013136	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75405BE5-9AB2-40B9-BD74-45AFD35C9BD9}\mpengine.dll
2012-06-28 21:57:00	--------	d-----w-	C:\sh4ldr
2012-06-28 21:57:00	--------	d-----w-	C:\Program Files\Enigma Software Group
2012-06-28 21:56:15	--------	d-----w-	C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-28 21:56:14	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-28 21:16:21	--------	d-----w-	C:\Users\John\AppData\Local\Deployment
2012-06-28 21:16:21	--------	d-----w-	C:\Users\John\AppData\Local\Apps
2012-06-28 15:04:05	9013136	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 09:51:15	--------	d-----w-	C:\Users\John\AppData\Local\Macromedia
2012-06-21 11:20:21	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-21 11:20:12	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-21 11:19:57	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-21 11:19:57	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-19 18:27:33	--------	d-----w-	C:\Users\John\AppData\Roaming\Firetrust
2012-06-19 18:27:09	--------	d-----w-	C:\Program Files (x86)\Firetrust
2012-06-17 19:20:29	--------	d-----w-	C:\MGADiagToolOutput
2012-06-13 17:29:36	544008	----a-w-	C:\Windows\System32\npdeployJava1.dll
2012-06-13 17:27:14	476936	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2012-06-13 17:02:46	3216384	----a-w-	C:\Windows\System32\msi.dll
2012-06-12 20:25:07	927800	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 20:25:07	927800	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4F8784E-456E-4CB0-B1F4-8B609AE3D729}\gapaengine.dll
2012-06-08 19:06:17	85472	----a-w-	C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-08 19:06:17	770384	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 19:06:17	421200	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-22 11:55:27	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 11:55:27	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-13 17:29:28	525576	----a-w-	C:\Windows\System32\deployJava1.dll
2012-06-13 17:27:03	472840	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-06-08 20:42:30	101400	----a-w-	C:\Windows\System32\drivers\RapportKE64.sys
2012-05-18 02:06:48	2311680	----a-w-	C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-05-18 01:58:39	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37	1800192	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33	3146752	----a-w-	C:\Windows\System32\win32k.sys
2012-05-05 12:32:13	8744608	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20	209920	----a-w-	C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2012-04-24 16:13:24	54728	----a-w-	C:\Windows\System32\drivers\Soluto.sys
2012-04-24 05:37:37	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37	140288	----a-w-	C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36	1462272	----a-w-	C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42	1158656	----a-w-	C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2012-04-07 11:26:29	2342400	----a-w-	C:\Windows\SysWow64\msi.dll
2012-04-04 14:56:40	24904	----a-w-	C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 9:01:43.94 ===============


----------



## Brigham (Aug 24, 2010)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:00:25, on 30/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John\Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {707db484-2428-402d-afb5-d85b387544c7} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DeskUpdateNotifier] "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
O4 - HKCU\..\Run: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PFNService - FUJITSU LIMITED - C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Bluetooth Feature Support (VFPRadioSupportService) - CSR, plc - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8063 bytes

I've not done this before. Forgive me if it is not right. I didn't do the GMER as I am 64-bit.


----------



## dvk01 (Dec 14, 2002)

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully*
*Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.*

Download ComboFix from *Here* to your Desktop.
*As you download it, rename it to username123.exe.*

***Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer.***
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script-blocking components of them or your firewall* _before_ performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause _"unpredictable results" or stop ComboFix running at all_.
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after ComboFix has finished.*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double-click on the *renamed combofix.exe* & follow the prompts.
If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt"* for further review.

*****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.*****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read HERE why we disable autoruns.

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If ComboFix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.*

Please tell us if it has cured the problems or if there are any outstanding issues.


----------



## Brigham (Aug 24, 2010)

ComboFix 12-06-28.03 - John 30/06/2012 9:20.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3893.2290 [GMT 1:00]
Running from: c:\users\John\Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc38EB.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3C64.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3C85.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc3D60.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4961.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4C12.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4D94.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc52D1.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc561C.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc56B8.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc591C.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc59B6.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5A90.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5E66.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc601B.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc6081.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc66A1.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc66A3.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc70DE.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7331.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc73F8.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7D7B.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8E7C.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9CDD.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA312.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccABA.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB222.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccC8BB.tmp
c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCE67.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 08:26 . 2012-06-30 08:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-30 08:18 . 2012-06-30 08:18	69000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75405BE5-9AB2-40B9-BD74-45AFD35C9BD9}\offreg.dll
2012-06-29 15:31 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75405BE5-9AB2-40B9-BD74-45AFD35C9BD9}\mpengine.dll
2012-06-28 21:57 . 2012-06-28 22:04	--------	d-----w-	C:\sh4ldr
2012-06-28 21:57 . 2012-06-28 21:57	--------	d-----w-	c:\program files\Enigma Software Group
2012-06-28 21:56 . 2012-06-28 22:04	--------	d-----w-	c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-28 21:56 . 2012-06-28 21:56	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-28 21:16 . 2012-06-28 21:17	--------	d-----w-	c:\users\John\AppData\Local\Deployment
2012-06-28 21:16 . 2012-06-28 21:16	--------	d-----w-	c:\users\John\AppData\Local\Apps
2012-06-28 15:04 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 09:51 . 2012-06-23 09:51	--------	d-----w-	c:\users\John\AppData\Local\Macromedia
2012-06-21 11:20 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 11:20 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 11:20 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 11:20 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 11:20 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 11:20 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 11:20 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 11:19 . 2012-06-02 14:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 11:19 . 2012-06-02 14:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 18:27 . 2012-06-19 18:30	--------	d-----w-	c:\users\John\AppData\Roaming\Firetrust
2012-06-19 18:27 . 2012-06-19 18:31	--------	d-----w-	c:\program files (x86)\Firetrust
2012-06-17 19:20 . 2012-06-17 19:20	--------	d-----w-	C:\MGADiagToolOutput
2012-06-17 19:19 . 2012-06-17 19:19	--------	d-----w-	c:\programdata\Office Genuine Advantage
2012-06-13 17:29 . 2012-06-13 17:29	544008	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-13 17:29 . 2012-06-13 17:29	--------	d-----w-	c:\program files\Java
2012-06-13 17:27 . 2012-06-13 17:27	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-06-13 17:27 . 2012-06-13 17:27	--------	d-----w-	c:\program files (x86)\Java
2012-06-13 17:02 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-12 20:25 . 2012-05-24 19:57	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 20:25 . 2012-05-24 19:57	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4F8784E-456E-4CB0-B1F4-8B609AE3D729}\gapaengine.dll
2012-06-08 19:06 . 2012-06-01 15:40	85472	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-08 19:06 . 2012-06-01 15:39	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 19:06 . 2012-06-01 15:39	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 11:55 . 2012-03-29 11:23	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-22 11:55 . 2012-01-17 13:36	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 17:29 . 2012-01-23 12:22	525576	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-13 17:27 . 2012-01-23 12:24	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-08 20:42 . 2012-05-12 21:37	101400	----a-w-	c:\windows\system32\drivers\RapportKE64.sys
2012-05-05 12:32 . 2012-04-15 18:32	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 16:13 . 2012-02-04 12:29	54728	----a-w-	c:\windows\system32\drivers\Soluto.sys
2012-04-04 14:56 . 2012-01-17 11:36	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeskUpdateNotifier"="c:\program files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2011-11-10 100120]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2012-02-16 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2012-02-16 230696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 rstescu;rstescu;c:\windows\system32\drivers\rstescu.sys [2011-03-25 607256]
R3 rstescu1;rstescu1;c:\windows\system32\drivers\rstescu1.sys [2011-03-25 607256]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-17 1255736]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-06-08 101400]
S0 rstfltr;rstfltr;c:\windows\system32\drivers\rstfltr.sys [2011-03-25 22552]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-24 54728]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-05-12 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-06-08 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-06-08 297048]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-06-23 330240]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-06-08 976728]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2012-02-16 31216]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 11:55]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 15:14]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 15:14]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-28 21:17]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-28 21:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-06-23 6310912]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lgla0ssu.default\
FF - user.js: extentions.y2layers.installId - 500c2722-4878-437e-bced-afa4402cf364
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{707db484-2428-402d-afb5-d85b387544c7} - (no file)
ShellIconOverlayIdentifiers-{6457FB0A-5C02-4393-909C-2139A5D5571F} - c:\windows\system32\RlShellExt64.dll
ShellIconOverlayIdentifiers-{871FE18B-B68D-4437-BC76-6634996CDB97} - c:\windows\system32\RlShellExt64.dll
ShellIconOverlayIdentifiers-{1F03249C-6AB2-4E31-8C10-86F7E31E3B4E} - c:\windows\system32\RlShellExt64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-BthSyncServ - c:\program files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{311BA51F-64F2-439D-9A4A-772373D77312}"=hex:51,66,7a,6c,4c,1d,38,12,71,a6,08,
35,c0,2a,f3,06,e5,5c,34,63,76,89,37,06
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,60,6a,a6,86,30,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,46,46,04,31,ff,31,40,89,1e,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,46,46,04,31,ff,31,40,89,1e,fe,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-30 09:28:53
ComboFix-quarantined-files.txt 2012-06-30 08:28
.
Pre-Run: 22,358,319,104 bytes free
Post-Run: 22,162,907,136 bytes free
.
- - End Of File - - B7507AB5D4C18FB7FCB4489B0298A1E4

Shall I restore MSE now or later?
I couldn't rename ComboFix; there didn't seem to be an opportunity.


----------



## dvk01 (Dec 14, 2002)

We can fix Yontoo in Firefox, but it isn't showing up anywhere else.

Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up appears press *SAVE*, choose Desktop in the list of selections in that window and press Save).

*Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.*

Close any open browsers.
Then drag the CFScript.txt onto the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.

*Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script, as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.*


----------



## Brigham (Aug 24, 2010)

ComboFix 12-06-28.03 - John 30/06/2012 11:33:32.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3893.1927 [GMT 1:00]
Running from: c:\users\John\Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 10:39 . 2012-06-30 10:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-30 09:21 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85D79CF5-79B9-4F0D-86D4-B4C7309DE5EB}\mpengine.dll
2012-06-28 21:57 . 2012-06-28 22:04	--------	d-----w-	C:\sh4ldr
2012-06-28 21:57 . 2012-06-28 21:57	--------	d-----w-	c:\program files\Enigma Software Group
2012-06-28 21:56 . 2012-06-28 22:04	--------	d-----w-	c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-28 21:56 . 2012-06-28 21:56	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-28 21:16 . 2012-06-28 21:17	--------	d-----w-	c:\users\John\AppData\Local\Deployment
2012-06-28 21:16 . 2012-06-28 21:16	--------	d-----w-	c:\users\John\AppData\Local\Apps
2012-06-28 15:04 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 09:51 . 2012-06-23 09:51	--------	d-----w-	c:\users\John\AppData\Local\Macromedia
2012-06-21 11:20 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 11:20 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 11:20 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 11:20 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 11:20 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 11:20 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 11:20 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 11:19 . 2012-06-02 14:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 11:19 . 2012-06-02 14:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 18:27 . 2012-06-19 18:30	--------	d-----w-	c:\users\John\AppData\Roaming\Firetrust
2012-06-19 18:27 . 2012-06-19 18:31	--------	d-----w-	c:\program files (x86)\Firetrust
2012-06-17 19:20 . 2012-06-17 19:20	--------	d-----w-	C:\MGADiagToolOutput
2012-06-17 19:19 . 2012-06-17 19:19	--------	d-----w-	c:\programdata\Office Genuine Advantage
2012-06-13 17:29 . 2012-06-13 17:29	544008	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-13 17:29 . 2012-06-13 17:29	--------	d-----w-	c:\program files\Java
2012-06-13 17:27 . 2012-06-13 17:27	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-06-13 17:27 . 2012-06-13 17:27	--------	d-----w-	c:\program files (x86)\Java
2012-06-13 17:02 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-12 20:25 . 2012-05-24 19:57	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 20:25 . 2012-05-24 19:57	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4F8784E-456E-4CB0-B1F4-8B609AE3D729}\gapaengine.dll
2012-06-08 19:06 . 2012-06-01 15:40	85472	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-08 19:06 . 2012-06-01 15:39	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 19:06 . 2012-06-01 15:39	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 11:55 . 2012-03-29 11:23	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-22 11:55 . 2012-01-17 13:36	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 17:29 . 2012-01-23 12:22	525576	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-13 17:27 . 2012-01-23 12:24	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-08 20:42 . 2012-05-12 21:37	101400	----a-w-	c:\windows\system32\drivers\RapportKE64.sys
2012-05-05 12:32 . 2012-04-15 18:32	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 16:13 . 2012-02-04 12:29	54728	----a-w-	c:\windows\system32\drivers\Soluto.sys
2012-04-04 14:56 . 2012-01-17 11:36	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeskUpdateNotifier"="c:\program files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2011-11-10 100120]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2012-02-16 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2012-02-16 230696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 rstescu;rstescu;c:\windows\system32\drivers\rstescu.sys [2011-03-25 607256]
R3 rstescu1;rstescu1;c:\windows\system32\drivers\rstescu1.sys [2011-03-25 607256]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-17 1255736]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-06-08 101400]
S0 rstfltr;rstfltr;c:\windows\system32\drivers\rstfltr.sys [2011-03-25 22552]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-24 54728]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-05-12 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-06-08 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-06-08 297048]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-06-23 330240]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-06-08 976728]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2012-02-16 31216]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 11:55]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 15:14]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 15:14]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-28 21:17]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-28 21:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_sxBZOverlayIcon]
@="{6457FB0A-5C02-4393-909C-2139A5D5571F}"
[HKEY_CLASSES_ROOT\CLSID\{6457FB0A-5C02-4393-909C-2139A5D5571F}]
c:\windows\system32\RlShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_sxConfidentialOIcon]
@="{871FE18B-B68D-4437-BC76-6634996CDB97}"
[HKEY_CLASSES_ROOT\CLSID\{871FE18B-B68D-4437-BC76-6634996CDB97}]
c:\windows\system32\RlShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_sxForbiddenOIcon]
@="{1F03249C-6AB2-4E31-8C10-86F7E31E3B4E}"
[HKEY_CLASSES_ROOT\CLSID\{1F03249C-6AB2-4E31-8C10-86F7E31E3B4E}]
c:\windows\system32\RlShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-06-23 6310912]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440]
"BthSyncServ"="c:\program files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lgla0ssu.default\
FF - user.js: extentions.y2layers.installId - 500c2722-4878-437e-bced-afa4402cf364
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{311BA51F-64F2-439D-9A4A-772373D77312}"=hex:51,66,7a,6c,4c,1d,38,12,71,a6,08,
35,c0,2a,f3,06,e5,5c,34,63,76,89,37,06
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,60,6a,a6,86,30,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,46,46,04,31,ff,31,40,89,1e,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,46,46,04,31,ff,31,40,89,1e,fe,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-30 11:41:21
ComboFix-quarantined-files.txt 2012-06-30 10:41
ComboFix2.txt 2012-06-30 08:28
.
Pre-Run: 22,194,708,480 bytes free
Post-Run: 22,007,361,536 bytes free
.
- - End Of File - - A2412B6E40CBA660D2F58EC7DF8B25D4


----------
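
The `FF - user.js:` lines in the ComboFix log above are the security-relevant part of the dump. A user.js in the Firefox profile is re-applied on every browser start, and this one (written by Yontoo's y2layers component, "extentions" misspelling included) sets `security.csp.enable` to false, which switches off Content Security Policy enforcement for every site, and `extensions.autoDisableScopes` to 14, which clears the profile-scope bit (1) from the default 15 so that add-ons dropped into the profile's extensions folder are no longer auto-disabled when Firefox discovers them. The script below is an added example, not part of the original thread or of ComboFix, OTS or any other tool used in it: it parses a user.js and flags those settings. The sample file is constructed to mirror the four prefs ComboFix reported plus one benign pref; the function names `parse_user_js` and `audit_prefs` are chosen here.

```python
import re
import sys
from typing import Dict, List, Tuple

# Constructed sample: mirrors the four "FF - user.js:" prefs ComboFix
# reported in the thread, plus one benign pref. Not the real file.
SAMPLE_USER_JS = r'''
// Mozilla User Preferences
user_pref("extentions.y2layers.installId", "500c2722-4878-437e-bced-afa4402cf364");
user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
user_pref("extensions.autoDisableScopes", 14);
user_pref("security.csp.enable", false);
user_pref("browser.startup.homepage", "about:home");
'''

# One pref per line: user_pref("name", <string|int|bool>);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Install-scope bits used by extensions.autoDisableScopes (Firefox AddonManager).
SCOPE_PROFILE = 1      # add-ons placed in <profile>/extensions
SCOPE_ALL = 15         # Firefox default: auto-disable sideloads from every scope

# Substring of the pref names Yontoo writes (the "extentions" typo is theirs).
YONTOO_MARKER = ".y2layers."


def parse_user_js(text: str) -> Dict[str, object]:
    """Return {pref name: value} for every user_pref() line in the text."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                      # comment, blank line, or not a pref
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]       # string literal
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"   # boolean literal
        else:
            try:
                prefs[name] = int(raw)    # integer literal
            except ValueError:
                prefs[name] = raw         # anything else kept as raw text
    return prefs


def audit_prefs(prefs: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (pref, reason) pairs for settings worth removing."""
    findings: List[Tuple[str, str]] = []
    if prefs.get("security.csp.enable") is False:
        findings.append(("security.csp.enable",
                         "Content Security Policy enforcement disabled for all sites"))
    scopes = prefs.get("extensions.autoDisableScopes")
    if isinstance(scopes, int) and (scopes & SCOPE_PROFILE) == 0:
        findings.append(("extensions.autoDisableScopes",
                         f"value {scopes}: profile-scope (sideloaded) add-ons are no "
                         f"longer auto-disabled (Firefox default is {SCOPE_ALL})"))
    for name in prefs:
        if YONTOO_MARKER in name:
            findings.append((name, "Yontoo/y2layers preference present"))
    return findings


def audit_file(path: str) -> List[Tuple[str, str]]:
    """Audit a user.js or prefs.js on disk."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_prefs(parse_user_js(fh.read()))


if __name__ == "__main__":
    # Usage: python audit_userjs.py <profile>/user.js   (no argument: audit the sample)
    results = (audit_file(sys.argv[1]) if len(sys.argv) > 1
               else audit_prefs(parse_user_js(SAMPLE_USER_JS)))
    for pref, reason in results:
        print(f"{pref}: {reason}")
```

Caveat for anyone cleaning this by hand: because user.js is read and re-applied at every start, resetting these prefs in about:config or editing prefs.js is undone on the next launch. The user.js file itself has to be removed or emptied of these lines, which is what the CFScript run later in this thread achieved (the second ComboFix log lists only the profile path under `FF -`).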



## Brigham (Aug 24, 2010)

My last reply contained everything that CF produced. Is this ok?


----------



## dvk01 (Dec 14, 2002)

You didn't do what I told you to do and didn't drop the CFScript onto the ComboFix icon.
It looks like ComboFix is running from the Downloads folder, so download the CFScript to the Downloads folder as well.


----------



## Brigham (Aug 24, 2010)

ComboFix 12-06-28.03 - John 30/06/2012 15:05:15.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3893.1895 [GMT 1:00]
Running from: c:\users\John\Documents\Downloads\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript (1).txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 14:10 . 2012-06-30 14:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-30 14:03 . 2012-06-30 14:03	69000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B015B21-8688-4251-8712-2F301E12D8E9}\offreg.dll
2012-06-30 10:46 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B015B21-8688-4251-8712-2F301E12D8E9}\mpengine.dll
2012-06-28 21:57 . 2012-06-28 22:04	--------	d-----w-	C:\sh4ldr
2012-06-28 21:57 . 2012-06-28 21:57	--------	d-----w-	c:\program files\Enigma Software Group
2012-06-28 21:56 . 2012-06-28 22:04	--------	d-----w-	c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-28 21:56 . 2012-06-28 21:56	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-28 21:16 . 2012-06-28 21:17	--------	d-----w-	c:\users\John\AppData\Local\Deployment
2012-06-28 21:16 . 2012-06-28 21:16	--------	d-----w-	c:\users\John\AppData\Local\Apps
2012-06-28 15:04 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 09:51 . 2012-06-23 09:51	--------	d-----w-	c:\users\John\AppData\Local\Macromedia
2012-06-21 11:20 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 11:20 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 11:20 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 11:20 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 11:20 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 11:20 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 11:20 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 11:19 . 2012-06-02 14:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 11:19 . 2012-06-02 14:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 18:27 . 2012-06-19 18:30	--------	d-----w-	c:\users\John\AppData\Roaming\Firetrust
2012-06-19 18:27 . 2012-06-19 18:31	--------	d-----w-	c:\program files (x86)\Firetrust
2012-06-17 19:20 . 2012-06-17 19:20	--------	d-----w-	C:\MGADiagToolOutput
2012-06-17 19:19 . 2012-06-17 19:19	--------	d-----w-	c:\programdata\Office Genuine Advantage
2012-06-13 17:29 . 2012-06-13 17:29	544008	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-13 17:29 . 2012-06-13 17:29	--------	d-----w-	c:\program files\Java
2012-06-13 17:27 . 2012-06-13 17:27	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-06-13 17:27 . 2012-06-13 17:27	--------	d-----w-	c:\program files (x86)\Java
2012-06-13 17:02 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-12 20:25 . 2012-05-24 19:57	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-12 20:25 . 2012-05-24 19:57	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4F8784E-456E-4CB0-B1F4-8B609AE3D729}\gapaengine.dll
2012-06-08 19:06 . 2012-06-01 15:40	85472	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-08 19:06 . 2012-06-01 15:39	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 19:06 . 2012-06-01 15:39	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 11:55 . 2012-03-29 11:23	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-22 11:55 . 2012-01-17 13:36	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 17:29 . 2012-01-23 12:22	525576	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-13 17:27 . 2012-01-23 12:24	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-08 20:42 . 2012-05-12 21:37	101400	----a-w-	c:\windows\system32\drivers\RapportKE64.sys
2012-05-05 12:32 . 2012-04-15 18:32	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 16:13 . 2012-02-04 12:29	54728	----a-w-	c:\windows\system32\drivers\Soluto.sys
2012-04-04 14:56 . 2012-01-17 11:36	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-30_08.26.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-30 06:29	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-30 11:23	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-30 11:23	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-30 06:29	32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-30 11:23	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-30 06:29	16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeskUpdateNotifier"="c:\program files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2011-11-10 100120]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2012-02-16 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2012-02-16 230696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 rstescu;rstescu;c:\windows\system32\drivers\rstescu.sys [2011-03-25 607256]
R3 rstescu1;rstescu1;c:\windows\system32\drivers\rstescu1.sys [2011-03-25 607256]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-17 1255736]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-06-08 101400]
S0 rstfltr;rstfltr;c:\windows\system32\drivers\rstfltr.sys [2011-03-25 22552]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-04-24 54728]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-05-12 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-06-08 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-06-08 297048]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-03-23 517632]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-06-23 330240]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-06-08 976728]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2012-02-16 31216]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 11:55]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 15:14]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-16 15:14]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000Core.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-28 21:17]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000UA.job
- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-28 21:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_sxBZOverlayIcon]
@="{6457FB0A-5C02-4393-909C-2139A5D5571F}"
[HKEY_CLASSES_ROOT\CLSID\{6457FB0A-5C02-4393-909C-2139A5D5571F}]
c:\windows\system32\RlShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_sxConfidentialOIcon]
@="{871FE18B-B68D-4437-BC76-6634996CDB97}"
[HKEY_CLASSES_ROOT\CLSID\{871FE18B-B68D-4437-BC76-6634996CDB97}]
c:\windows\system32\RlShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_sxForbiddenOIcon]
@="{1F03249C-6AB2-4E31-8C10-86F7E31E3B4E}"
[HKEY_CLASSES_ROOT\CLSID\{1F03249C-6AB2-4E31-8C10-86F7E31E3B4E}]
c:\windows\system32\RlShellExt64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-06-23 6310912]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440]
"BthSyncServ"="c:\program files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lgla0ssu.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{311BA51F-64F2-439D-9A4A-772373D77312}"=hex:51,66,7a,6c,4c,1d,38,12,71,a6,08,
35,c0,2a,f3,06,e5,5c,34,63,76,89,37,06
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,60,6a,a6,86,30,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,46,46,04,31,ff,31,40,89,1e,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,46,46,04,31,ff,31,40,89,1e,fe,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-30 15:12:12
ComboFix-quarantined-files.txt 2012-06-30 14:12
ComboFix2.txt 2012-06-30 10:41
ComboFix3.txt 2012-06-30 08:28
.
Pre-Run: 21,729,898,496 bytes free
Post-Run: 21,686,312,960 bytes free
.
- - End Of File - - D819BC655C08684C757111368FC521

Have I done it correctly this time? I dragged the script onto the ComboFix icon in Downloads.


----------



## dvk01 (Dec 14, 2002)

That is better.
It should have got rid of Yontoo from Firefox.
Are you seeing Yontoo anywhere else now?


----------



## Brigham (Aug 24, 2010)

In the Programs and Features list, the last one is Yontoo 1.10.02. If I try to delete it, a message "Setup initialisation error" comes up.


----------



## dvk01 (Dec 14, 2002)

Let's see if we can fix that with this.

Download *OTScanIt.exe* to your Desktop.

Close any open browsers.
If your real-time protection or antivirus intervenes with OTScanIt, allow it to run.
Double-click on *OTS.exe* to start the program.
Now, on the toolbar at the top, select "Scan all users", then click the *Run Scan* button.
The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete, Notepad will open with the report file loaded in it.
Save that Notepad file.
If the log is too large to post, use the *Reply* button, scroll down to the attachments section and attach the Notepad file here.


----------



## Brigham (Aug 24, 2010)

```
OTS logfile created on: 30/06/2012 16:02:50 - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\John\Documents\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 46.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.00 Gb Total Space | 20.27 Gb Free Space | 40.53% Space Free | Partition Type: NTFS
Drive D: | 246.09 Gb Total Space | 105.64 Gb Free Space | 42.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GEMINI
Current User Name: John
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots (2).exe -> C:\Users\John\My Documents\Downloads\OTS (2).exe -> [2012/06/30 16:02:14 | 000,646,656 | ---- | M] (OldTimer Tools)
rapportservice.exe -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -> [2012/06/08 21:42:12 | 001,668,952 | ---- | M] (Trusteer Ltd.)
rapportmgmtservice.exe -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -> [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.)
youcam.exe -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe -> [2012/02/16 22:08:06 | 000,230,696 | ---- | M] (CyberLink Corp.)
ycmmirage.exe -> C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe -> [2012/02/16 22:08:06 | 000,136,488 | ---- | M] (CyberLink)
armsvc.exe -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated)
deskupdatenotifier.exe -> C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe -> [2011/11/10 14:34:38 | 000,100,120 | ---- | M] (Fujitsu Technology Solutions)
sua.exe -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia)
bthelpbrowser.exe -> C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe -> [2011/05/26 16:04:16 | 001,069,568 | ---- | M] (Alcatel-Lucent)
mccicontexthookshim.exe -> C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe -> [2011/05/26 16:03:28 | 000,207,872 | ---- | M] (Alcatel-Lucent)
indicatoruty.exe -> C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe -> [2009/10/09 22:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED)
fuj02e3.exe -> C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe -> [2009/10/08 21:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED)
 
[Modules - No Company Name]
ppgooglenaclpluginchrome.dll -> C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll -> [2012/06/28 11:28:56 | 000,438,296 | ---- | M] ()
pdf.dll -> C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll -> [2012/06/28 11:28:54 | 003,972,120 | ---- | M] ()
libglesv2.dll -> C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll -> [2012/06/28 11:27:40 | 000,554,520 | ---- | M] ()
libegl.dll -> C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll -> [2012/06/28 11:27:38 | 000,117,784 | ---- | M] ()
avutil-51.dll -> C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll -> [2012/06/28 11:27:29 | 000,140,328 | ---- | M] ()
avformat-54.dll -> C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll -> [2012/06/28 11:27:28 | 000,262,184 | ---- | M] ()
avcodec-54.dll -> C:\Users\John\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll -> [2012/06/28 11:27:26 | 002,386,984 | ---- | M] ()
deskupdatenotifier.ni.exe -> C:\Windows\assembly\NativeImages_v2.0.50727_32\DeskUpdateNotifier\569ae0e6ae16143c894d71502549da74\DeskUpdateNotifier.ni.exe -> [2012/06/17 11:39:22 | 000,115,712 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll -> [2012/06/13 18:23:08 | 012,436,480 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll -> [2012/06/13 18:23:00 | 001,591,808 | ---- | M] ()
rapportms.dll -> C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll -> [2012/05/28 21:32:17 | 000,520,464 | ---- | M] ()
log4net.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\9ab326b1ab7ea0327be0f063a352f29c\log4net.ni.dll -> [2012/05/12 13:07:27 | 000,696,320 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll -> [2012/05/10 11:59:18 | 005,452,800 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll -> [2012/05/10 11:59:14 | 007,967,232 | ---- | M] ()
system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll -> [2012/05/10 11:59:14 | 000,971,264 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll -> [2012/05/10 11:59:08 | 011,492,864 | ---- | M] ()
js32.dll -> C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll -> [2012/02/01 14:43:10 | 000,557,056 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(SolutoService)  [Auto | Running] -> C:\Program Files\Soluto\SolutoService.exe -> [2012/04/24 17:32:38 | 000,584,224 | ---- | M] (Soluto)
64bit-(NisSrv)  [On_Demand | Stopped] -> C:\Program Files\Microsoft Security Client\NisSrv.exe -> [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation)
64bit-(MsMpSvc)  [Auto | Running] -> C:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation)
64bit-(!SASCORE)  [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com)
64bit-(PFNService)  [Auto | Running] -> C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe -> [2010/06/23 18:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED)
64bit-(VFPRadioSupportService)  [Auto | Running] -> C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -> [2009/12/24 13:43:40 | 000,145,840 | ---- | M] (CSR, plc)
64bit-(PowerSavingUtilityService)  [Auto | Running] -> C:\Program Files\Fujitsu\PSUtility\PSUService.exe -> [2009/07/30 11:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED)
64bit-(WinDefend)  [Auto | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/06/22 12:55:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated)
(RapportMgmtService) Rapport Management Service [Auto | Running] -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -> [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.)
(MozillaMaintenance) Mozilla Maintenance Service [On_Demand | Stopped] -> C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -> [2012/06/01 16:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation)
(AdobeARMservice) Adobe Acrobat Update Service [Auto | Running] -> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -> [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated)
(Secunia PSI Agent) Secunia PSI Agent [On_Demand | Stopped] -> C:\Program Files (x86)\Secunia\PSI\PSIA.exe -> [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia)
(Secunia Update Agent) Secunia Update Agent [Auto | Running] -> C:\Program Files (x86)\Secunia\PSI\sua.exe -> [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia)
(TestHandler) Fujitsu Diagnostic Testhandler [On_Demand | Stopped] -> C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe -> [2010/09/24 14:53:40 | 000,384,792 | ---- | M] (Fujitsu Technology Solutions)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
64bit-(RapportKE64) RapportKE64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\RapportKE64.sys -> [2012/06/08 21:42:30 | 000,101,400 | ---- | M] (Trusteer Ltd.)
64bit-(Soluto) Soluto [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\Soluto.sys -> [2012/04/24 17:13:24 | 000,054,728 | ---- | M] (Soluto LTD.)
64bit-(NisDrv) Microsoft Network Inspection System [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\NisDrvWFP.sys -> [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation)
64bit-(clwvd) CyberLink WebCam Virtual Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\clwvd.sys -> [2012/02/16 22:08:26 | 000,031,216 | ---- | M] (CyberLink Corporation)
64bit-(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\igdkmd64.sys -> [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation)
64bit-(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -> [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\saskutil64.sys -> [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(dc3d) MS Hardware Device Detection Driver (USB) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dc3d.sys -> [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation)
64bit-(rstfltr) rstfltr [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\rstfltr.sys -> [2011/03/25 11:41:48 | 000,022,552 | ---- | M] (Intel Corporation)
64bit-(rstescu1) rstescu1 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rstescu1.sys -> [2011/03/25 11:41:44 | 000,607,256 | ---- | M] (Intel Corporation)
64bit-(rstescu) rstescu [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rstescu.sys -> [2011/03/25 11:41:42 | 000,607,256 | ---- | M] (Intel Corporation)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices)
64bit-(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbFlt.sys -> [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company)
64bit-(TsUsbGD) Remote Desktop Generic USB Device [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TsUsbGD.sys -> [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation)
64bit-(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2010/09/13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation)
64bit-(PSI) PSI [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\psi_mf.sys -> [2010/09/01 09:30:58 | 000,017,976 | ---- | M] (Secunia)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2010/03/04 22:43:00 | 000,346,144 | ---- | M] (Realtek                                            )
64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2009/11/06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.)
64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2009/10/09 20:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated)
64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(FUJ02E3) Fujitsu FUJ02E3 Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\fuj02e3.sys -> [2006/11/01 20:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED)
64bit-(FUJ02B1) Fujitsu FUJ02B1 Device Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\fuj02b1.sys -> [2006/11/01 20:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED)
(RapportEI64) RapportEI64 [Kernel | System | Running] -> C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -> [2012/06/08 21:42:32 | 000,055,096 | ---- | M] (Trusteer Ltd.)
(RapportPG64) RapportPG64 [Kernel | System | Running] -> C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -> [2012/06/08 21:42:30 | 000,297,048 | ---- | M] (Trusteer Ltd.)
(RapportCerberus_34302) RapportCerberus_34302 [Kernel | System | Running] -> C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys -> [2012/05/12 22:37:27 | 000,397,520 | ---- | M] ()
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -> [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -> [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-GB -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 84 69 6F 0B 73 55 CD 01  [binary data] -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\John\AppData\Roaming\Mozilla\FireFox\Profiles\lgla0ssu.default\prefs.js -> 
< FireFox Settings [User.js] > -> C:\Users\John\AppData\Roaming\Mozilla\FireFox\Profiles\lgla0ssu.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 13.0\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 13.0\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2012/06/08 20:06:17 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\John\AppData\Roaming\Mozilla\Extensions -> [2012/02/04 17:05:06 | 000,000,000 | ---D | M]
  -> C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lgla0ssu.default\extensions -> [2012/05/07 12:02:48 | 000,000,000 | ---D | M]
  -> C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\lgla0ssu.default\extensions\[email protected] -> [2012/05/07 12:02:48 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2012/06/13 18:27:18 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} -> [2012/06/13 18:27:18 | 000,000,000 | ---D | M]
Yontoo -> C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LGLA0SSU.DEFAULT\EXTENSIONS\[email protected] -> [2012/05/07 12:02:48 | 000,000,000 | ---D | M]
< HOSTS File > ([2012/06/30 09:26:50 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{311BA51F-64F2-439D-9A4A-772373D77312} [HKLM] ->  [BufferZone Web Privacy Manager] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/06/13 18:29:29 | 000,350,984 | ---- | M] (Sun Microsystems, Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/06/13 18:27:07 | 000,329,480 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"BthSyncServ" ->  ["C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe"] -> File not found
"ConMgr" -> C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe ["C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe"] -> [2009/12/24 13:43:18 | 000,535,440 | ---- | M] (CSR, plc)
"FDM7" -> C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe] -> [2009/11/26 10:35:30 | 000,164,712 | ---- | M] (FUJITSU LIMITED)
"HotKeysCmds" -> C:\Windows\SysNative\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2012/01/10 22:43:08 | 000,392,984 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\SysNative\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2012/01/10 22:43:30 | 000,167,704 | ---- | M] (Intel Corporation)
"LoadBtnHnd" -> C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe] -> [2009/10/15 20:00:24 | 000,035,176 | ---- | M] (FUJITSU LIMITED)
"LoadFujitsuQuickTouch" -> C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe] -> [2009/10/15 20:00:24 | 000,157,544 | ---- | M] (FUJITSU LIMITED)
"MSC" -> C:\Program Files\Microsoft Security Client\msseces.exe ["C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2012/03/26 18:54:34 | 001,271,168 | ---- | M] (Microsoft Corporation)
"Persistence" -> C:\Windows\SysNative\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2012/01/10 22:43:26 | 000,417,560 | ---- | M] (Intel Corporation)
"PfNet" -> C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe ["C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe" /r] -> [2010/06/23 18:14:52 | 006,310,912 | ---- | M] (FUJITSU LIMITED)
"PSUTility" -> C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [C:\Program Files\Fujitsu\PSUtility\TrayManager.exe] -> [2009/07/30 11:43:02 | 000,188,264 | ---- | M] (FUJITSU LIMITED)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DeskUpdateNotifier" -> C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe ["C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"] -> [2011/11/10 14:34:38 | 000,100,120 | ---- | M] (Fujitsu Technology Solutions)
"IndicatorUtility" -> C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe] -> [2009/10/09 22:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED)
"LoadFUJ02E3" -> C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe] -> [2009/10/08 21:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED)
"YouCam Mirage" -> C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe ["C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"] -> [2012/02/16 22:08:06 | 000,136,488 | ---- | M] (CyberLink)
"YouCam Tray" -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe ["C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s] -> [2012/02/16 22:08:06 | 000,230,696 | ---- | M] (CyberLink Corp.)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [5] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5249 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{8228BD9E-DDC8-46E7-A8E7-AE684F09E144}\\DhcpNameServer -> 192.168.1.254   (Realtek PCIe GBE Family Controller) -> 
{9240EEB7-371D-4AF6-B63B-06FF3317661A}\\DhcpNameServer -> 192.168.1.254   (Atheros AR9285 Wireless Network Adapter) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/14 02:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
/pagefile ->  -> File not found
*MultiFile Done* -> -> 
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\SysNative\igfxdev.dll -> [2012/01/10 21:19:06 | 000,390,656 | ---- | M] (Intel Corporation)
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications -> 
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -> 
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0055790A-B7C0-46B6-B69C-9778A1897EDA} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=file and printer sharing (llmnr-udp-in) | app=c:\windows\system32\svchost.exe | svc=dnscache | 
{23E2B8BB-96A4-4A33-B7A5-A7575E858806} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{3C35034E-3CA0-4B1D-8A52-6A0FE329FE7F} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=file and printer sharing (smb-out) | app=system | 
{5001546E-ABEF-4113-893C-06298A93853A} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=file and printer sharing (spooler service - rpc-epmap) | svc=rpcss | 
{5CEE3375-91E5-498E-B010-E94D0FB061DD} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=file and printer sharing (spooler service - rpc) | app=c:\windows\system32\spoolsv.exe | svc=spooler | 
{90FF2A1B-470A-4F1E-BB91-3FF2DD02FE17} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=file and printer sharing (nb-datagram-in) | app=system | 
{97102EE5-F508-46AC-B762-0EEDB15F160C} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=file and printer sharing (nb-session-out) | app=system | 
{9729AA25-2439-425E-B14D-ABCAE8C6BCF8} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | [email protected],-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{A34AD425-0361-4A9A-9230-F416982BD5C9} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{AB52D21D-3703-4FF3-AA7C-FB64A004E4B4} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | [email protected],-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{B284647C-BF86-4340-B873-65B6F91BC41A} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=file and printer sharing (nb-session-in) | app=system | 
{C63F7B8E-135A-42D6-8BED-7B4BBACA934B} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31289 | app=system | 
{C8484714-83D1-4186-A432-DC61B20A8863} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=file and printer sharing (smb-in) | app=system | 
{C8DF7688-AE9F-42D1-95E2-86B2F8E3AB36} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | [email protected],-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{D8246AA0-5CF5-4F57-B44D-3007EF53A0EE} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=file and printer sharing (nb-name-out) | app=system | 
{E1D5D869-2556-4432-881A-E1448193FD0C} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=file and printer sharing (llmnr-udp-out) | app=c:\windows\system32\svchost.exe | svc=dnscache | 
{E43E5DF7-7EF9-4535-8BF2-EAC11BC630AE} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=file and printer sharing (nb-datagram-out) | app=system | 
{EB6B70F6-A17F-41E4-BC5A-6DBFEF0B994F} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{EB79E7E1-28FD-4D89-8F05-417142D999EC} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31285 | app=system | 
{EFDF8F5B-5558-43F2-9F2E-E17DFBBD4AB3} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=file and printer sharing (nb-name-in) | app=system | 
{F6776ADB-4117-487E-A626-3C7755DBD065} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | [email protected],-31277 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{01860C3F-6358-4904-B817-09687886F255} -> profile=private | protocol=17 | dir=in | action=allow | name=bt broadband desktop help notifier | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
{020A1447-4FE2-4D13-BAC0-5B8206CB21B8} -> profile=public | protocol=6 | dir=in | action=allow | name=bt broadband desktop help notifier | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
{0226BBBD-6371-4964-B692-E285FBB56C3B} -> profile=private | protocol=17 | dir=in | action=allow | name=solutoinstaller | app=c:\users\john\desktop\solutoinstaller.exe | 
{0ACB180C-5730-46AA-9CD8-47FFFB1ECF0C} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{0C44E59B-E843-4A9E-AEE6-4A01C9E56D19} -> profile=private | protocol=6 | dir=in | action=allow | name=bt broadband desktop help notifier | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
{0DFC2B78-F932-4984-964A-347B41EA6537} -> profile=private | protocol=6 | dir=in | action=allow | name=solutoinstaller | app=c:\users\john\desktop\solutoinstaller.exe | 
{10CCE78F-B138-4C0A-91CD-78439D86DF0C} -> profile=public | protocol=17 | dir=in | action=allow | name=bt broadband desktop help | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe | 
{12FBE316-188B-4EF5-B621-597ACFD7DFD8} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{1B9796B0-477C-405E-9712-B8B0BDC13568} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{1F8655B8-3879-4BD3-97BB-E5F78543B751} -> profile=private | protocol=17 | dir=in | action=allow | name=soluto service | app=c:\program files\soluto\solutoservice.exe | 
{218EF1A9-F2DE-403D-816F-BD45C8BDBBC4} -> profile=private | protocol=6 | dir=in | action=allow | name=soluto tray | app=c:\program files\soluto\soluto.exe | 
{2199D63D-C4CC-4380-B2E2-B70C502247F3} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{24EE0C27-5072-4598-952E-5602AEEB8F4F} -> profile=private | protocol=17 | dir=in | action=allow | name=solutoinstaller | app=c:\users\john\downloads\solutoinstaller.exe | 
{2964ABB5-770A-4520-B6FD-976EC2A27891} -> profile=private | protocol=6 | dir=in | action=allow | [email protected],-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{2F3618B6-73A1-4AB0-AE78-EDA7732CE064} -> profile=private | protocol=1 | dir=in | action=allow | name=file and printer sharing (echo request - icmpv4-in) | 
{3317F8CD-7F0F-4850-8543-09EEADAC93D2} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{3F4C1996-8CE8-4927-A882-C7E93F36EED4} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{43ADA4E4-C32B-4E80-A0B9-22CE91644DFA} -> profile=private | protocol=58 | dir=in | action=allow | name=file and printer sharing (echo request - icmpv6-in) | 
{46E5E54F-E66B-44FC-88E9-97BB730EFC88} -> profile=private | protocol=6 | dir=in | action=allow | name=bt broadband desktop help | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe | 
{51B19E6C-7AEC-4A9C-B0D7-B5B29EC36FB2} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{71624236-77C8-4303-859F-63BEC12EA30F} -> profile=private | protocol=6 | dir=in | action=allow | name=norton removal tool | app=c:\users\john\appdata\local\temp\7zse34c.tmp\symnrt.exe | 
{72E9034F-3251-4CEC-B731-ECD7F1766B21} -> profile=private | protocol=17 | dir=in | action=allow | name=norton removal tool | app=c:\users\john\appdata\local\temp\7zsd401.tmp\symnrt.exe | 
{74740070-565D-46E8-B85B-E08707DE6676} -> profile=private | protocol=17 | dir=in | action=allow | name=norton removal tool | app=c:\users\john\appdata\local\temp\7zse34c.tmp\symnrt.exe | 
{7BBAFEA5-B6F1-4AE9-A28B-74E44CC51D61} -> profile=private | protocol=1 | dir=out | action=allow | name=file and printer sharing (echo request - icmpv4-out) | 
{7E486DDC-CBB8-4CAB-952E-25E4DCF33855} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{92EE8FED-54F5-4B07-9637-F008B7A458BC} -> profile=public | protocol=17 | dir=in | action=allow | name=bt broadband desktop help notifier | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe | 
{9B24627D-3BC9-459B-84EA-3D23C0FEA2D5} -> profile=private | protocol=6 | dir=in | action=allow | name=norton removal tool | app=c:\users\john\appdata\local\temp\7zsd401.tmp\symnrt.exe | 
{9D7AE353-3615-4170-B393-B901378E96DB} -> profile=private | protocol=6 | dir=in | action=allow | name=solutoinstaller | app=c:\users\john\downloads\solutoinstaller.exe | 
{9F0C785B-4CE2-4760-95F4-48C7B5503883} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{A0E61E8A-28A2-4E46-9873-8ED363C30743} -> profile=private | protocol=6 | dir=in | action=allow | name=soluto update service | app=c:\program files\soluto\solutoupdateservice.exe | 
{A2E12481-EF55-4DE2-A22F-ABC3D529AB45} -> profile=private | protocol=17 | dir=in | action=allow | [email protected],-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{A3F44873-3C76-4E92-9F6F-D17F545E7D60} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31281 | app=system | 
{A63C81F4-CEB0-4610-AE01-B1DCB4D08E89} -> profile=private | protocol=17 | dir=in | action=allow | name=soluto tray | app=c:\program files\soluto\soluto.exe | 
{A660B3A4-59A0-4E13-82EE-EF7B40CED840} -> profile=private | protocol=17 | dir=in | action=allow | name=soluto console | app=c:\program files\soluto\solutoconsole.exe | 
{AD874A5D-2331-4BCF-BE37-2A5FEA71492C} -> profile=private | protocol=6 | dir=out | action=allow | [email protected],-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{B4DF29F0-38A0-48A6-ADB8-419739DBDBEC} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{D4A13769-6F72-4952-82ED-8B71D20578D9} -> profile=private | protocol=17 | dir=in | action=allow | name=bt broadband desktop help | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe | 
{DA411CBE-7EE6-4889-8E5A-C5FB82D9A58C} -> profile=private | protocol=6 | dir=in | action=allow | name=soluto service | app=c:\program files\soluto\solutoservice.exe | 
{DE3B92BD-1066-4165-BDE9-594917582808} -> profile=private | protocol=6 | dir=in | action=allow | name=soluto console | app=c:\program files\soluto\solutoconsole.exe | 
{F738136D-965E-463F-B5C6-32E00F641ADA} -> profile=public | protocol=6 | dir=in | action=allow | name=bt broadband desktop help | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe | 
{F861D61B-4584-4AEF-B914-2C02925EA0DC} -> profile=private | protocol=58 | dir=out | action=allow | name=file and printer sharing (echo request - icmpv6-out) | 
{FA11049A-2511-4738-8503-8725E1B57200} -> profile=private | protocol=17 | dir=out | action=allow | [email protected],-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{FF88BF2F-D772-476D-97C7-5C221679C1F0} -> profile=private | protocol=17 | dir=in | action=allow | name=soluto update service | app=c:\program files\soluto\solutoupdateservice.exe | 
TCP Query User{56803CE1-0F5D-41D4-92A9-E91810BDB515}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
UDP Query User{85CD9877-2912-4CED-AD8D-82327B490EFE}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2010/11/21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 temp -> C:\Windows\temp -> [2012/06/30 15:12:14 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2012/06/30 09:19:39 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2012/06/30 09:19:39 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012/06/30 09:19:39 | 000,060,416 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2012/06/30 09:18:12 | 000,000,000 | ---D | C]
 erdnt -> C:\Windows\erdnt -> [2012/06/30 09:18:03 | 000,000,000 | ---D | C]
 Google Earth -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth -> [2012/06/29 21:32:47 | 000,000,000 | ---D | C]
 sh4ldr -> C:\sh4ldr -> [2012/06/28 22:57:00 | 000,000,000 | ---D | C]
 Enigma Software Group -> C:\Program Files\Enigma Software Group -> [2012/06/28 22:57:00 | 000,000,000 | ---D | C]
 Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2012/06/28 22:56:14 | 000,000,000 | ---D | C]
 Deployment -> C:\Users\John\AppData\Local\Deployment -> [2012/06/28 22:16:21 | 000,000,000 | ---D | C]
 Apps -> C:\Users\John\AppData\Local\Apps -> [2012/06/28 22:16:21 | 000,000,000 | ---D | C]
 Macromedia -> C:\Users\John\AppData\Local\Macromedia -> [2012/06/23 10:51:15 | 000,000,000 | ---D | C]
 wucltux.dll -> C:\Windows\SysNative\wucltux.dll -> [2012/06/21 12:20:21 | 002,622,464 | ---- | C] (Microsoft Corporation)
 wuauclt.exe -> C:\Windows\SysNative\wuauclt.exe -> [2012/06/21 12:20:21 | 000,057,880 | ---- | C] (Microsoft Corporation)
 wups2.dll -> C:\Windows\SysNative\wups2.dll -> [2012/06/21 12:20:21 | 000,044,056 | ---- | C] (Microsoft Corporation)
 wuapi.dll -> C:\Windows\SysNative\wuapi.dll -> [2012/06/21 12:20:12 | 000,701,976 | ---- | C] (Microsoft Corporation)
 wudriver.dll -> C:\Windows\SysNative\wudriver.dll -> [2012/06/21 12:20:12 | 000,099,840 | ---- | C] (Microsoft Corporation)
 wups.dll -> C:\Windows\SysNative\wups.dll -> [2012/06/21 12:20:12 | 000,038,424 | ---- | C] (Microsoft Corporation)
 wuwebv.dll -> C:\Windows\SysNative\wuwebv.dll -> [2012/06/21 12:19:57 | 000,186,752 | ---- | C] (Microsoft Corporation)
 wuapp.exe -> C:\Windows\SysNative\wuapp.exe -> [2012/06/21 12:19:57 | 000,036,864 | ---- | C] (Microsoft Corporation)
 Firetrust -> C:\Users\John\AppData\Roaming\Firetrust -> [2012/06/19 19:27:33 | 000,000,000 | ---D | C]
 Firetrust -> C:\Program Files (x86)\Firetrust -> [2012/06/19 19:27:09 | 000,000,000 | ---D | C]
 MGADiagToolOutput -> C:\MGADiagToolOutput -> [2012/06/17 20:20:29 | 000,000,000 | ---D | C]
 Office Genuine Advantage -> C:\ProgramData\Office Genuine Advantage -> [2012/06/17 20:19:36 | 000,000,000 | ---D | C]
 npdeployJava1.dll -> C:\Windows\SysNative\npdeployJava1.dll -> [2012/06/13 18:29:36 | 000,544,008 | ---- | C] (Sun Microsystems, Inc.)
 javaws.exe -> C:\Windows\SysNative\javaws.exe -> [2012/06/13 18:29:36 | 000,191,240 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysNative\javaw.exe -> [2012/06/13 18:29:36 | 000,172,296 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysNative\java.exe -> [2012/06/13 18:29:36 | 000,172,296 | ---- | C] (Sun Microsystems, Inc.)
 Java -> C:\Program Files\Java -> [2012/06/13 18:29:26 | 000,000,000 | ---D | C]
 npdeployJava1.dll -> C:\Windows\SysWow64\npdeployJava1.dll -> [2012/06/13 18:27:14 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.)
 javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2012/06/13 18:27:14 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2012/06/13 18:27:14 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysWow64\java.exe -> [2012/06/13 18:27:14 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.)
 Java -> C:\Program Files (x86)\Java -> [2012/06/13 18:27:01 | 000,000,000 | ---D | C]
 mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2012/06/13 18:03:21 | 000,096,768 | ---- | C] (Microsoft Corporation)
 mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2012/06/13 18:03:21 | 000,073,216 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysNative\url.dll -> [2012/06/13 18:03:20 | 000,237,056 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\SysWow64\url.dll -> [2012/06/13 18:03:20 | 000,231,936 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2012/06/13 18:03:18 | 000,248,320 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2012/06/13 18:03:18 | 000,176,640 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2012/06/13 18:03:17 | 000,173,056 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2012/06/13 18:03:17 | 000,142,848 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2012/06/13 18:03:15 | 001,494,528 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2012/06/13 18:03:15 | 001,427,968 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\SysNative\jscript9.dll -> [2012/06/13 18:03:14 | 002,311,680 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2012/06/13 18:03:14 | 000,716,800 | ---- | C] (Microsoft Corporation)
 jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2012/06/13 18:03:13 | 000,818,688 | ---- | C] (Microsoft Corporation)
 msi.dll -> C:\Windows\SysNative\msi.dll -> [2012/06/13 18:02:46 | 003,216,384 | ---- | C] (Microsoft Corporation)
 rdpcorekmts.dll -> C:\Windows\SysNative\rdpcorekmts.dll -> [2012/06/13 18:02:46 | 000,149,504 | ---- | C] (Microsoft Corporation)
 rdpwsx.dll -> C:\Windows\SysNative\rdpwsx.dll -> [2012/06/13 18:02:45 | 000,077,312 | ---- | C] (Microsoft Corporation)
 rdrmemptylst.exe -> C:\Windows\SysNative\rdrmemptylst.exe -> [2012/06/13 18:02:45 | 000,009,216 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2012/06/13 18:02:42 | 005,559,664 | ---- | C] (Microsoft Corporation)
 ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2012/06/13 18:02:42 | 003,913,072 | ---- | C] (Microsoft Corporation)
 ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2012/06/13 18:02:41 | 003,968,368 | ---- | C] (Microsoft Corporation)
 crypt32.dll -> C:\Windows\SysNative\crypt32.dll -> [2012/06/13 18:02:31 | 001,462,272 | ---- | C] (Microsoft Corporation)
 cryptnet.dll -> C:\Windows\SysNative\cryptnet.dll -> [2012/06/13 18:02:31 | 000,140,288 | ---- | C] (Microsoft Corporation)
 Downloads -> C:\Users\John\Documents\Downloads -> [2012/06/11 21:09:57 | 000,000,000 | ---D | C]
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2012/06/30 15:36:00 | 000,000,894 | ---- | M] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2012/06/30 15:32:00 | 000,000,830 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000UA.job -> [2012/06/30 15:22:01 | 000,000,904 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2012/06/30 12:36:00 | 000,000,890 | ---- | M] ()
 ComboFix - Shortcut.lnk -> C:\Users\John\Desktop\ComboFix - Shortcut.lnk -> [2012/06/30 10:02:55 | 000,013,409 | ---- | M] ()
 hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2012/06/30 09:26:50 | 000,000,027 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2012/06/30 08:40:42 | 000,067,584 | --S- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/06/30 07:36:29 | 000,028,352 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/06/30 07:36:29 | 000,028,352 | -H-- | M] ()
 Ikeext.etl -> C:\Windows\SysNative\Ikeext.etl -> [2012/06/30 07:29:10 | 000,065,536 | ---- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/06/30 07:28:56 | 3061,227,520 | -HS- | M] ()
 GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000Core.job -> [2012/06/29 22:22:02 | 000,000,852 | ---- | M] ()
 Google Chrome.lnk -> C:\Users\John\Desktop\Google Chrome.lnk -> [2012/06/29 10:24:02 | 000,002,402 | ---- | M] ()
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2012/06/22 12:55:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2012/06/22 12:55:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated)
 census.cache -> C:\Users\John\AppData\Local\census.cache -> [2012/06/18 13:36:24 | 000,831,743 | ---- | M] ()
 ars.cache -> C:\Users\John\AppData\Local\ars.cache -> [2012/06/18 13:36:19 | 000,099,986 | ---- | M] ()
 npdeployJava1.dll -> C:\Windows\SysNative\npdeployJava1.dll -> [2012/06/13 18:29:28 | 000,544,008 | ---- | M] (Sun Microsystems, Inc.)
 deployJava1.dll -> C:\Windows\SysNative\deployJava1.dll -> [2012/06/13 18:29:28 | 000,525,576 | ---- | M] (Sun Microsystems, Inc.)
 javaws.exe -> C:\Windows\SysNative\javaws.exe -> [2012/06/13 18:29:28 | 000,191,240 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysNative\javaw.exe -> [2012/06/13 18:29:28 | 000,172,296 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysNative\java.exe -> [2012/06/13 18:29:28 | 000,172,296 | ---- | M] (Sun Microsystems, Inc.)
 javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2012/06/13 18:27:05 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2012/06/13 18:27:05 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\Windows\SysWow64\java.exe -> [2012/06/13 18:27:05 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.)
 npdeployJava1.dll -> C:\Windows\SysWow64\npdeployJava1.dll -> [2012/06/13 18:27:03 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.)
 deployJava1.dll -> C:\Windows\SysWow64\deployJava1.dll -> [2012/06/13 18:27:03 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.)
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012/06/13 18:15:24 | 000,275,120 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012/06/13 18:11:41 | 000,735,442 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012/06/13 18:11:41 | 000,618,108 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012/06/13 18:11:41 | 000,107,388 | ---- | M] ()
 RapportKE64.sys -> C:\Windows\SysNative\drivers\RapportKE64.sys -> [2012/06/08 21:42:30 | 000,101,400 | ---- | M] (Trusteer Ltd.)
 Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2012/06/08 20:06:20 | 000,001,059 | ---- | M] ()
 wups.dll -> C:\Windows\SysNative\wups.dll -> [2012/06/02 23:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation)
 wuauclt.exe -> C:\Windows\SysNative\wuauclt.exe -> [2012/06/02 23:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation)
 wups2.dll -> C:\Windows\SysNative\wups2.dll -> [2012/06/02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation)
 wuapi.dll -> C:\Windows\SysNative\wuapi.dll -> [2012/06/02 23:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation)
 wucltux.dll -> C:\Windows\SysNative\wucltux.dll -> [2012/06/02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation)
 wudriver.dll -> C:\Windows\SysNative\wudriver.dll -> [2012/06/02 23:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation)
 wuwebv.dll -> C:\Windows\SysNative\wuwebv.dll -> [2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation)
 wuapp.exe -> C:\Windows\SysNative\wuapp.exe -> [2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation)
 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 
[Files - No Company Name]
 ComboFix - Shortcut.lnk -> C:\Users\John\Desktop\ComboFix - Shortcut.lnk -> [2012/06/30 10:02:55 | 000,013,409 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2012/06/30 09:19:39 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2012/06/30 09:19:39 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2012/06/30 09:19:39 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2012/06/30 09:19:39 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2012/06/30 09:19:39 | 000,068,096 | ---- | C] ()
 Google Chrome.lnk -> C:\Users\John\Desktop\Google Chrome.lnk -> [2012/06/28 22:17:49 | 000,002,402 | ---- | C] ()
 GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000UA.job -> [2012/06/28 22:17:10 | 000,000,904 | ---- | C] ()
 GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1563728814-3900708264-3500266175-1000Core.job -> [2012/06/28 22:17:10 | 000,000,852 | ---- | C] ()
 census.cache -> C:\Users\John\AppData\Local\census.cache -> [2012/05/18 16:20:51 | 000,831,743 | ---- | C] ()
 ars.cache -> C:\Users\John\AppData\Local\ars.cache -> [2012/05/18 16:20:13 | 000,099,986 | ---- | C] ()
 housecall.guid.cache -> C:\Users\John\AppData\Local\housecall.guid.cache -> [2012/05/18 16:11:48 | 000,000,036 | ---- | C] ()
 UserTile.png -> C:\Users\John\AppData\Roaming\UserTile.png -> [2012/01/30 17:37:13 | 000,019,414 | ---- | C] ()
 Microsoft.SqlServer.Compact.351.64.bc -> C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc -> [2012/01/17 14:47:27 | 000,000,193 | ---- | C] ()
 PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2012/01/16 16:35:45 | 000,735,230 | ---- | C] ()
 ig4icd32.dll -> C:\Windows\SysWow64\ig4icd32.dll -> [2012/01/10 21:29:54 | 013,904,384 | ---- | C] ()
 igkrng575.bin -> C:\Windows\SysWow64\igkrng575.bin -> [2011/08/31 20:51:16 | 000,867,020 | ---- | C] ()
 igcompkrng575.bin -> C:\Windows\SysWow64\igcompkrng575.bin -> [2011/08/31 20:51:16 | 000,128,204 | ---- | C] ()
 igfcg575m.bin -> C:\Windows\SysWow64\igfcg575m.bin -> [2011/08/31 20:51:16 | 000,105,608 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >
```


----------



## dvk01 (Dec 14, 2002)

Sorry, that isn't showing it, so we need to run OTS again but with different settings please.


Close any open browsers.
Double-click on *OTS.exe* to start the program.
If your real-time protection or antivirus intervenes with OTS, allow it to run.
In the *Processes* group click *ALL*.
In the *Modules* group click *ALL*.
In the *Services* group click *Safe List*.
In the *Drivers* group click *Safe List*.
In the *Registry* group click *ALL*.
In the *Files Age* drop-down box click *90 days*.
Make sure the *Use company name white list* and *Skip Microsoft files* boxes are checked.
In the *Files created* and *Files modified* groups select *Whitelist/File Age*.
In the *Additional Scans* section please select *Everything* and make sure the *Safe List* box is checked.
Now, on the toolbar at the top, select "Scan all users", then click the *Run Scan* button.
The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete, Notepad will open with the report file loaded in it.
Save that Notepad file.
Use the *Reply* button and *attach the Notepad file here*. I will review it when it comes in.

It will be much too big, so you will need to zip the file before it can be uploaded.


----------



## Brigham (Aug 24, 2010)

I have run the scan, but I don't know how to zip the Notepad files.


----------



## dvk01 (Dec 14, 2002)

Right-click the file and select Send to > Compressed (zipped) folder.
That makes a zip file in the same folder as the Notepad file.


----------



## Brigham (Aug 24, 2010)

dvk01 said:


> Right-click the file and select Send to > Compressed (zipped) folder.
> That makes a zip file in the same folder as the Notepad file.


When I right-click the file I don't have a Send to option.


----------



## dvk01 (Dec 14, 2002)

You do.

Make sure the file is saved to the desktop, then go to the desktop and right-click it.
I suspect that you are trying to right-click the shortcut on the taskbar.


----------



## Brigham (Aug 24, 2010)

I've got it zipped up on the desktop. How do I get it into the message box? I've tried dragging it, but that doesn't work.


----------



## dvk01 (Dec 14, 2002)

Press Reply and Manage Attachments, then follow the prompts.


----------



## Brigham (Aug 24, 2010)

I still can't do it. I get to the select


----------



## Brigham (Aug 24, 2010)

I get to the select bit and then I click on the zipped file, and then what? I am beginning to think I should give up my computer altogether.


----------



## dvk01 (Dec 14, 2002)

It is so simple. All you do is press Reply,
press Manage Attachments,
when it pops up
press Browse,
navigate to and select the file so the name appears in the little box. Press Upload. When it has uploaded, press Close on the pop-up window and then press Send on the main window.

If you cannot do that, then you are best to take your computer to a repair shop to have it fixed, from the malware that you have caused and allowed to install because you didn't bother to read or watch what you are installing.


----------

