Browser hijack Juggle.com


  • This topic is locked
18 replies to this topic

#1 cuate

  • Members

Posted 18 September 2010 - 05:49 PM

Sometimes, when I search using my saved search engine, Google, and I click on a link, it takes me to juggle.com, not the site I requested.

I have Windows 7 and use Firefox.

I had a virus last week, but AVG found and removed it; this may be a residual problem?
I'm not very computer savvy, can you help?


DDS (Ver_10-03-17.01) - NTFSX64
Run by Paulette at 18:20:21.01 on Sat 09/18/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2729 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Paulette\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hotmail.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files (x86)\common files\homepage protection\HomepageProtection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /c
uRun: [Vmufiyovoxan] rundll32.exe "c:\users\paulette\appdata\local\utasozoqocef.dll",Startup
mRun: [<NO NAME>]
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent64.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\paulette\appdata\roaming\mozilla\firefox\profiles\55e7gjq9.default\
FF - prefs.js: browser.startup.homepage - hotmail.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\paulette\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-1-20 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-1-20 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-1-20 317520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2009-6-24 292864]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-4-1 139264]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-10-10 215040]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-17 228408]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [2010-5-27 106496]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-17 216064]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-22 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-09-03 12:22:57 144384 ----a-w- c:\windows\system32\cdd.dll

==================== Find3M ====================

2010-07-15 23:36:24 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-06-25 11:40:31 53248 ----a-w- c:\windows\syswow64\CSVer.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-28 21:10:14 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-29 13:44:41 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:21:05.48 ===============


I cannot get the GMER to work.


#2 Blind Faith

  • Malware Response Team

Posted 26 September 2010 - 07:20 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
If I haven't replied in 48 hours, please feel free to send me a PM.

#3 cuate

  • Topic Starter

Posted 26 September 2010 - 08:46 AM


DDS (Ver_10-03-17.01) - NTFSX64
Run by Paulette at 9:32:39.96 on Sun 09/26/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2740 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Paulette\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hotmail.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - c:\program files (x86)\common files\homepage protection\HomepageProtection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0560.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /c
uRun: [Vmufiyovoxan] rundll32.exe "c:\users\paulette\appdata\local\utasozoqocef.dll",Startup
mRun: [<NO NAME>]
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent64.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\paulette\appdata\roaming\mozilla\firefox\profiles\55e7gjq9.default\
FF - prefs.js: browser.startup.homepage - hotmail.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\paulette\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-1-20 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-1-20 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-1-20 317520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2009-6-24 292864]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-4-1 139264]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-10-10 215040]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-17 228408]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [2010-5-27 106496]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-17 216064]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-22 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-09-22 00:43:13 56 ----a-w- c:\windows\system32err.xml
2010-09-03 12:22:57 144384 ----a-w- c:\windows\system32\cdd.dll

==================== Find3M ====================

2010-07-15 23:36:24 13048 ----a-w- c:\windows\system32\avgrssta.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-28 21:10:14 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-29 13:44:41 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:32:55.16 ===============



Regarding the gmer log, I'm having trouble. When I try to click on gmer.exe I get a msg that says c:/windows/system32/config/sysytem: The system cannot find the file specified.

Thank you!

#4 sundavis

  • Malware Response Team

Posted 30 September 2010 - 02:09 PM

Hi cuate,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, I will be helping you to deal with your Malware problems today.


Step 1

Please download Malwarebytes' Anti-Malware from Here or Here
  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
     C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  10. You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the Run Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


In your next reply, please post back:

1. MBAM log
2. OTListIt.txt and Extra.txt

Please detail the problems you're still experiencing now.

#5 cuate

  • Topic Starter


Posted 30 September 2010 - 02:52 PM

Hi sundavis, thank you! Here are the logs. When I ran mbam it said it could not remove something and to restart. I did that and got an error msg when the computer started up again saying: "There was a problem starting c/users/paulette/appdata/local/utasozoqocef.dll"


OTL logfile created on: 9/30/2010 3:41:11 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Paulette\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.82 Gb Total Space | 178.52 Gb Free Space | 80.84% Space Free | Partition Type: NTFS
Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.39 Gb Total Space | 7.36 Gb Free Space | 99.59% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULETTE-PC
Current User Name: Paulette
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/30 15:40:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paulette\Downloads\OTL.exe
PRC - [2010/08/11 17:19:30 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/15 19:36:27 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 19:36:18 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/09/30 15:40:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paulette\Downloads\OTL.exe
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/15 19:36:18 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/24 13:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - [2010/07/15 19:36:26 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/15 19:36:15 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/03 18:17:22 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/04/01 18:47:44 | 000,699,960 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/04/01 18:46:10 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/04/01 18:46:09 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/05 10:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/24 13:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/24 13:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/24 13:52:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/24 13:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/24 13:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/19 00:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/03/12 14:26:00 | 000,106,496 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
DRV - [2007/03/12 14:25:00 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\STK02NW2.sys -- (DCamUSBSTK02N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
IE - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hotmail.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {5D3DD3B2-C48B-443C-83C5-C04722736B65}:1.9.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/23 16:45:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/11 17:19:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/17 20:32:08 | 000,000,000 | ---D | M]

[2009/11/16 19:48:07 | 000,000,000 | ---D | M] -- C:\Users\Paulette\AppData\Roaming\Mozilla\Extensions
[2010/07/14 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\Paulette\AppData\Roaming\Mozilla\Firefox\Profiles\55e7gjq9.default\extensions
[2010/01/20 18:22:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1493847663-2536701045-76054906-1001..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/30 15:28:21 | 000,000,000 | ---D | C] -- C:\Users\Paulette\AppData\Roaming\Malwarebytes
[2010/09/30 15:28:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/30 15:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/30 15:28:07 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/30 15:28:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/03 08:22:57 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

========== Files - Modified Within 30 Days ==========

[2010/09/30 15:44:10 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/30 15:44:10 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/30 15:44:10 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/30 15:38:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/30 15:38:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/30 15:37:54 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/30 15:37:17 | 001,835,008 | -HS- | M] () -- C:\Users\Paulette\NTUSER.DAT
[2010/09/30 15:37:14 | 003,523,433 | -H-- | M] () -- C:\Users\Paulette\AppData\Local\IconCache.db
[2010/09/30 15:32:20 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/30 15:32:20 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/30 15:28:12 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/30 15:28:01 | 065,481,338 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/30 15:24:31 | 000,000,120 | ---- | M] () -- C:\Users\Paulette\AppData\Local\Oxurabuc.dat
[2010/09/30 15:24:30 | 000,000,000 | ---- | M] () -- C:\Users\Paulette\AppData\Local\Gperisohunir.bin
[2010/09/30 15:24:06 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPaulette.job
[2010/09/21 20:43:13 | 000,000,056 | ---- | M] () -- C:\Windows\system32err.xml
[2010/09/18 18:19:21 | 000,001,362 | ---- | M] () -- C:\Users\Paulette\Desktop\dds - Shortcut.lnk
[2010/09/17 20:32:08 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/09/30 15:28:12 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/21 20:43:13 | 000,000,056 | ---- | C] () -- C:\Windows\system32err.xml
[2010/09/18 18:19:21 | 000,001,362 | ---- | C] () -- C:\Users\Paulette\Desktop\dds - Shortcut.lnk
[2010/08/21 10:44:35 | 000,000,120 | ---- | C] () -- C:\Users\Paulette\AppData\Local\Oxurabuc.dat
[2010/08/21 10:44:35 | 000,000,000 | ---- | C] () -- C:\Users\Paulette\AppData\Local\Gperisohunir.bin
[2010/02/05 11:09:54 | 000,001,867 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/01 17:57:53 | 000,000,000 | ---- | C] () -- C:\Users\Paulette\AppData\Roaming\wklnhst.dat
[2009/11/16 21:40:00 | 000,000,000 | ---- | C] () -- C:\Users\Paulette\AppData\Local\QSwitch.txt
[2009/11/16 21:40:00 | 000,000,000 | ---- | C] () -- C:\Users\Paulette\AppData\Local\DSwitch.txt
[2009/11/16 21:40:00 | 000,000,000 | ---- | C] () -- C:\Users\Paulette\AppData\Local\AtStart.txt
[2009/11/16 21:39:57 | 000,000,193 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/10/25 22:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/10/10 14:47:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/10/10 14:47:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/10/10 14:47:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/10/10 14:46:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/10/10 14:45:52 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/10/10 14:45:24 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/17 16:22:33 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/17 16:18:04 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/17 16:16:01 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/17 16:15:15 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >


OTL Extras logfile created on: 9/30/2010 3:41:11 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Paulette\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.82 Gb Total Space | 178.52 Gb Free Space | 80.84% Space Free | Partition Type: NTFS
Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.39 Gb Total Space | 7.36 Gb Free Space | 99.59% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULETTE-PC
Current User Name: Paulette
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1493847663-2536701045-76054906-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3F424493-B0F2-43A4-A892-DFA447B2A59D}" = STK02N 2.4.1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Homepage Protection" = Homepage Protection
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"SendSpaceWizard" = SendSpace Wizard
"Streamer" = Streamer (remove only)
"Trillian" = Trillian
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1493847663-2536701045-76054906-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2010 8:47:40 AM | Computer Name = Paulette-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/18/2010 8:47:40 AM | Computer Name = Paulette-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/18/2010 8:47:40 AM | Computer Name = Paulette-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/18/2010 8:47:40 AM | Computer Name = Paulette-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/18/2010 8:47:41 AM | Computer Name = Paulette-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/18/2010 8:47:47 AM | Computer Name = Paulette-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/18/2010 8:47:48 AM | Computer Name = Paulette-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/18/2010 8:47:51 AM | Computer Name = Paulette-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/21/2010 10:39:25 AM | Computer Name = Paulette-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/22/2010 8:14:30 AM | Computer Name = Paulette-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]
Error - 1/1/2010 1:44:21 PM | Computer Name = Paulette-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 1/18/2010 9:39:37 AM | Computer Name = Paulette-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 2/5/2010 10:32:58 AM | Computer Name = Paulette-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 2/5/2010 10:32:58 AM | Computer Name = Paulette-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 2/17/2010 8:29:20 PM | Computer Name = Paulette-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 3/6/2010 10:49:11 PM | Computer Name = Paulette-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 3/6/2010 10:49:11 PM | Computer Name = Paulette-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/4/2010 7:14:48 PM | Computer Name = Paulette-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/4/2010 7:14:48 PM | Computer Name = Paulette-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/14/2010 7:59:24 AM | Computer Name = Paulette-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ System Events ]
Error - 7/27/2010 8:37:21 AM | Computer Name = Paulette-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 7/28/2010 8:42:46 AM | Computer Name = Paulette-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 7/28/2010 8:43:04 AM | Computer Name = Paulette-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 7/28/2010 8:43:04 AM | Computer Name = Paulette-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 7/28/2010 8:43:05 AM | Computer Name = Paulette-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 7/28/2010 8:43:05 AM | Computer Name = Paulette-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 7/28/2010 8:43:05 AM | Computer Name = Paulette-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 7/28/2010 8:43:05 AM | Computer Name = Paulette-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 8/28/2010 8:52:55 AM | Computer Name = Paulette-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:42:05 AM on 8/28/2010 was unexpected.

Error - 8/31/2010 8:57:41 AM | Computer Name = Paulette-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.


< End of report >

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4724

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/30/2010 3:35:52 PM
mbam-log-2010-09-30 (15-35-52).txt

Scan type: Quick scan
Objects scanned: 140885
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Paulette\AppData\Local\utasozoqocef.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vmufiyovoxan (Trojan.Hiloti) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Paulette\AppData\Local\utasozoqocef.dll (Trojan.Hiloti) -> Delete on reboot.


#6 sundavis


Posted 30 September 2010 - 03:10 PM

Hi cuate,



Looks better. After performing the following OTL script, please rerun MBAM and post the log in your next reply. Thanks



Step1
  1. Please start OTL on your desktop.
  2. Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.

    CODE
    :OTL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
    IE - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    [Reboot]
  3. Click Run Fix button on the top.
  4. Click OK and let it run unhindered.
  5. OTL will ask to reboot the machine. Please OK the prompt.
  6. A report will open. Copy and Paste that report in your next reply.
In your next reply, please post back:

1. OTL delete log
2. MBAM log

Tell me if you have any remaining issues on your pc.

Edited by sundavis, 30 September 2010 - 03:38 PM.
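The entries a reviewer would pick out of the logs quoted so far in this thread, as an added example (not part of the thread, and not OTL or MBAM code): a per-user ProxyServer pointing at a loopback address, a BHO entry with no registered CLSID, and MBAM detections still waiting on a reboot. The sample lines are copied from the posts above; the regular expressions assume the line layout shown there, and the function names are this example's own.

```python
import ipaddress
import re

# Lines copied from the OTL fix script and the first MBAM log in this thread.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1493847663-2536701045-76054906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
C:\Users\Paulette\AppData\Local\utasozoqocef.dll (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vmufiyovoxan (Trojan.Hiloti) -> Delete on reboot.
'''

PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(\S+)')
BHO_RE = re.compile(r'^O2 - BHO: .*?(\{[0-9A-Fa-f-]{36}\}) - No CLSID value found')
MBAM_RE = re.compile(r'^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$')


def parse_proxy_server(value):
    """Split a ProxyServer registry string into {scheme: (host, port)}.

    Handles both forms Windows accepts: "host:port" (applies to all
    schemes) and "http=host:port;https=host:port" (per scheme).
    """
    entries = {}
    for part in filter(None, value.strip().split(';')):
        scheme, sep, hostport = part.partition('=')
        if not sep:                      # no "scheme=" prefix
            scheme, hostport = 'all', part
        hostport = hostport.split('://', 1)[-1]
        host, _, port = hostport.rpartition(':')
        if not host:                     # no port given
            host, port = hostport, ''
        entries[scheme.lower()] = (host.strip('[]'),
                                   int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                     # a hostname, not an IP literal


def triage(text):
    """Return (kind, detail) tuples for the log lines worth a second look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = PROXY_RE.search(line)
        if m:
            for scheme, (host, port) in parse_proxy_server(m.group(1)).items():
                if is_loopback(host):
                    findings.append(('loopback-proxy', f'{scheme} -> {host}:{port}'))
            continue
        m = BHO_RE.match(line)
        if m:
            findings.append(('orphaned-bho', m.group(1)))
            continue
        m = MBAM_RE.match(line)
        if m and 'reboot' in m.group('action').lower():
            # Removal is not finished until the machine restarts; rescan after.
            findings.append(('pending-reboot', m.group('item')))
    return findings


if __name__ == '__main__':
    for kind, detail in triage(SAMPLE_LOG):
        print(f'{kind:15} {detail}')
```

A loopback proxy is only a prompt to identify which process is listening on that port, since local filtering software sets the same value; the pending-reboot items are the reason a second MBAM scan is requested after the restart.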


#7 cuate


Posted 30 September 2010 - 03:28 PM

I did ten or so google searches, no more redirecting to juggle.com


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4724

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/30/2010 4:25:08 PM
mbam-log-2010-09-30 (16-25-08).txt

Scan type: Quick scan
Objects scanned: 140724
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1493847663-2536701045-76054906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1493847663-2536701045-76054906-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
File rity] not found.
File ptytemp] not found.
File PTYFLASH] not found.
File sethosts] not found.
File art explorer] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.14.1 log created on 09302010_161401

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...







#8 sundavis


Posted 30 September 2010 - 03:38 PM

Hi cuate,



We need to scan the remnants with Kas Online scanner. It will take some time to run the full course. Please be patient and do the following:

Go into the Control Panel (Classic View) and double-click the Java icon (looks like a coffee cup). On the Update tab, click the Update Now button. When done, press Apply and then the OK button. Then clear your Java cache as instructed in this thread.


Step1

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step2


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  1. Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  2. Click Accept button on the "Requirements and limitations".
  3. When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  4. It will be Downloading and installing the program and Updating the database.
  5. When Updating the database have finished, click on Settings.
  6. Make sure all boxes are checked, then click on the Save button.
  7. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  8. Once the scan is completed, Click on View Scan Report.
  9. You may see a list of infected items over there. Click on Save Report As.
  10. Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  11. Please post the contents in your next reply.
  12. You can refer to this animation

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



Please post back the logs in your next reply.


1. Kas Online Scan Report


Tell me how your pc is running now.


#9 cuate


Posted 30 September 2010 - 03:57 PM

step 1 is complete, when attempting step 2, Kaspersky I click on accept and after a few seconds I get a pop up error msg

Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program.


Tried several times, same error, cannot continue?

#10 cuate


Posted 30 September 2010 - 04:07 PM

now something is funny with the computer. On this site, for example, I do not see the blue background, just white, with the black print

I tried another familiar site, same thing, no background graphics, just the words??

#11 sundavis


Posted 30 September 2010 - 06:28 PM

Hi cuate,



Let's do some maintenance. After that, you may try ESET Online Scanner instead if Kas Online Scanner is still not working.


Step1

Click Start>Run>Type CMD>A command prompt DOS window will open. Type/Paste ipconfig /flushdns and then press Enter to purge the DNS resolver cache.

Open IE, select Tools > Internet Options. Select the Connections tab.
  1. If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  2. In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  3. Click OK.
  4. Click Privacy tab and press Sites button, click Remove all button if there are some urls out there.
  5. Click Advanced tab and click on Reset button
  6. In the Reset Internet Explorer Settings dialog box, click Reset to confirm.


Step2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
  7. Wait for the scan to finish
  8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  9. Copy and paste that log as a reply to this topic.


#12 cuate


Posted 30 September 2010 - 08:04 PM

does this seem right? when the scan finished, it asked me to click on finish
and there were two unchecked boxes to the left

I clicked finish without checking the boxes.

After the scan it said it found two things, one was java download something or other, the other I don't remember?


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Edited by cuate, 30 September 2010 - 08:10 PM.


#13 sundavis


Posted 30 September 2010 - 08:10 PM

QUOTE
does this seem right?

No, the log isn't complete. Can you locate the log at C:\Program Files\EsetOnlineScanner\log.txt?

If not, you have to rerun it. Otherwise, take the following instead.

Please go to F-Secure Online Scanner Next Generation
  1. Click on the link "Start your scan".
  2. You may receive an alert on the address bar at this point to install the ActiveX control.
  3. Read the license agreement and click "Accept".
  4. Click "Full System Scan" to download the scanning components and begin scan and cleaning.
  5. When the scan completes, click the Automatic cleaning (recommended) button.
  6. When done click "Show report" and copy/paste its contents into your next reply.
  7. If you have problems running F-Secure Online Scanner, you may refer to this thread


#14 cuate


Posted 30 September 2010 - 08:51 PM

I ran F Secure

the problem below...happens only in firefox, not IE...

now something is funny with the computer. On this site, for example, I do not see the blue background, just white, with the black print

I tried another familiar site, same thing, no background graphics, just the words??


Scanning Report
Thursday, September 30, 2010 21:22:55 - 21:49:58

Computer name: PAULETTE-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\
11 malware found
TrackingCookie.Questionmarket (spyware)

* System (Disinfected)

TrackingCookie.Advertising (spyware)

* System (Disinfected)

TrackingCookie.Atdmt (spyware)

* System (Disinfected)

TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

TrackingCookie.Revsci (spyware)

* System (Disinfected)

TrackingCookie.Fastclick (spyware)

* System (Disinfected)

TrackingCookie.Adbrite (spyware)

* System (Disinfected)

TrackingCookie.Webtrends (spyware)

* System (Disinfected)

TrackingCookie.Mediaplex (spyware)

* System (Disinfected)

TrackingCookie.Atwola (spyware)

* System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 83017
* System: 5723
* Not scanned: 286

Actions:

* Disinfected: 11
* Renamed: 0
* Deleted: 0
* Not cleaned: 0
* Submitted: 0

Files not scanned:

* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3ACE671B1A1995680DD96F6D0FF9C57E_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\413D72B0D8E86BAE6C6165666F9DC31D_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3FF36A4C7A2A828E58562BB966CCDAD2_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\41C66228FF360AA59AFB8FC323E1D14C_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\40FA2704B35A3AEC3042E7E1749D2D9F_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42EE90A82A3391474E991AE7FD55B1A7_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\41F51F1765E94B9D0E043D3E45C8C4B2_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43DABE16BDBC2EFB6A87DF63B9BB986B_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\458878DA3F76ED9FDA98036189AF0F15_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\44764E8AD3B3093C91AC08943C9B66C9_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4AB9C11BFA81327DB09A2E29AC4E616A_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4B4291E5A2FB82A20450019155C818FF_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\45ED7C617E18904232C3E78CD283D700_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4EA3D1B884D4DD3A50F46B16735851D3_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4EEEDDE5FD54C0092EAD7EFEBCE9F4C2_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\51586EDE21918A54355142988A925D23_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4FAC9BC0A8792ADDECE85519D3ADD8EA_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\52F50F438DA2EC61798D16B036FBCEFC_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\520D7AFDF7AFE8F7163B7F48573B6D38_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\50CEE0EF1728DE6A838FCC3B23C1F65C_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53220B0292030B862A3EBD7D84CD9A77_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5405749BD2BCC1EA8BDAD393718C368B_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\543B366197D05EC485642C7CAFEC4C64_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5439D0FC22644D16A8541EF70E8D9C88_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55635614BFC72EC0B4D12054B55C422C_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\576C63008F786C5969BCE2A34F9C6DCB_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5760F07A9B2B5C9077B51A21A042CFEA_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\577E5ECBAFBD7E7BAEDD81573DCAF12B_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\593353E9DC21EABD347705C2E3A24A28_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5D26BA4BCD7E0EA411017E3862DADCE5_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5DC7C6175216D72FB95FD21DB6B8674D_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5A1DB75BD0326C2D87DEC5B0BA06683B_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5DEA7554DBC4206678C969EA3B7DE2D8_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5F641B8E57E4D0EB1BACAA9CE842FD8A_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5EC8B7B38291E4C31BCA265D4FF12E0F_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5EAEBCDDD12E2E1A6FDCFA4F44198183_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\64E017FAA8690DCA420AC75F59FB301D_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\659ECFC9405B84ABFFE63D185CC50BD8_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\675A0501DF6C0F4F0DD2D1A05FB1F90F_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6843021B6DCF408CC484574001DFB869_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\608376DDAFB90D28AAD6ABE509CA9FE5_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\684EA23C4E46D9789D655264447BB4B0_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\66871BE1D0AE6D449C17C5FE6F806624_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\69F76F78DC5121A18C746FFB99DDEEC9_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B565E0D22111ED629C89E3A702294C9_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B9FFE15A1B4685235332417ADA9C805_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6D5CA16A544590C7D96284797A544D46_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E2F76F6AD8F6E0AF158C40DB21323D2_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\639D8B0B9403F06430CCB384E29B871B_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6ECCD775B41346CE31125974E2AB134E_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71A555A1D4BC153ADC68917E43DF12AA_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F01BF301AC60396591CAC3AE7B08428_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71D4F60976D9544F2FC8EBC50831C915_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\721113F48470674A3FA71539703957CB_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71FA65772193D9145EA5F958D62F21BF_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6A2BF1B110DA382679B25069BDB19C55_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\755B2A7453B4D81CB38E48DEE58BC05A_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\764DB9A258BD33068E632528FA96C0B0_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\758EACDF4A05701FC1CFEAB108C4A508_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7C434A41A213D89F94249C2529A9612A_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\79F0A2DD1C1A024BAAD4398D998F4224_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7D226D060A41CB8D472DEA74DFE42FD0_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E6673B733CD270FEA838680E78DE063_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F8BB3957EF0BE020DCC0B2874EB53E6_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\804F967532993EC48176C47DBF444C5D_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\80CAAC314F3BE307E55FD99820A3D990_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\822DB068AC6F3398E6DAD99DA9A75EF9_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82E644BCB5B89862E78B8AF75826868A_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8211F1C9DC2C6721FDE2A6AB66E61713_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\81CF5E65F654CBFB5A7354957FD58FD0_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\878A68C7F1C0D33812D4B968553C4680_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8A6A73CEA8B5E3AC44750D7544C17511_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8BA160D050D2C601BBD7DE7758A2CA80_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\88918513F4C8B5624D56389AFFC401BE_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8BAC40DDA443D3F57216F9C82957382C_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8CFB6A4D32854B56BCC86B53686F2C2C_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8E056AC2A3AA5E5FD9D36061FFC9FC18_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F4DD15E396AF46421F2AB86148EE3F3_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8BA98E125A5D67D27CEF6F00A42EF211_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92DC1D6EFE146D7CE11FD16B680F61C4_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92916E135256FD7A4F9B07EA9B2B56FF_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\932054C155031F055086D9672D14F982_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\95A02AE3B51297065D97CE3B1A18D180_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\97667CE36758E30A98BDF0D1AE2367E4_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F9CC1F35944648352D38CF400DC4BD8_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\994ACE148D641B2693D3AB045FDF40E4_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9B1712290DED47E72188218DC3BCDD21_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D61C7DF5ACCAE53B80B13274B5BAC50_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9DB03A7822F2311C035CD155BA9DC7FD_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\98F7661B6D3560C1D0E05A1FFD0A1459_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\98339B28D900081A4F9CB6B140670FE7_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9F3C1EDB306755DF8500CB1BD34C0B89_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9E3496075B22FC3379C827D368075643_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9FAC3FAE142070689442CED4700199D7_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A2A1B0B491BE680F3F29AA8435E31F99_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3BDF6BDE3E056A04845D4E94078CABA_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A33B4DB102A2C1D1CB48AE14422D03CB_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A3C10F0FEAC2E6E82A7749957B760E0E_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9DFA0B38DAA14B1050A62FC9A96A40EA_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A959E3E52FC902989561403D674E693D_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A43FEBB74360333D8E374C11478C3A30_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A44654FFB501782306DD51D6C469A918_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A9BE97A769BB48985494A6DC262DEE90_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA6DFDB5DDCC58370FB1D72D540744AF_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AAC1E66A4A075BF9CE3BBB97034EE2FA_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD03353C9C2C6BF1452C3FC67E8D8995_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ADC89A14F53356C10AD668244532E712_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE3DD32F4B4BC928B0B6B564BB50801D_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0F0209A127859E87CD952E6A57E0400_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AFDE7A0278C54A4EA7F97486BEF7A2B4_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF87AB90EF8B5318DFB7DC46A9F6B6A6_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B21E8B792B36A991F1B2BAE3A7071077_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B26FEAC65AC39C03B5A57A24AE8053D1_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B3A7827D7758A43458998358376134F3_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B50ABC485FF1494B42A7AA1359795E80_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B67203FBAB01945766C04EDC767E0900_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6327C40372E14E8EA9111C584212914_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B88F4B05DE89CE37ECC44BD94B45A8F3_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B93C32F815C25630A0513071CEE5A3E0_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BAB0D198AAE9BD1650E6B98D241A9599_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBF59D10B6B444C68EC519A3E435B392_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBECEB542F82372BAAD128885EE0B07D_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE287B3E28CA93BA373FFF9811ECFEE0_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BDC232CF275FEC5AB52AE90D2BDD6C34_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC80FFEEE11EA7BB504D9F77E2054379_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C048D730E8CA87F4EDC7D4703345F4EE_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C0AAF59C9403D803BA9AA7AC455F8379_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BED126B6B4737D08DEED39197F4306F7_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C160E0AC055E1B73A346F3F9614767C1_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C6A5674CB63E339B317FAE6C31B4B1BB_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC9298C6E6056BC04263DC1539B73582_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CCEE258C04E65AEC41667433E9B6BDDA_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD257DD878C8EBA42F76A2FD4AB0B5C5_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CECD98E71B0DDE69FDA472C6309D7E69_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CEDD30C9BBA339500A306F2A5B96975B_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C5A3DD59CC179F663110D8168811B988_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CFAEDA286697DECD7CE73949C3E406BF_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D03DEEE635CCDD793A2C0AEBE3679523_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0D4F417B694CC29C17DC06D125F7980_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D24AB56ECD21916552169B80CE9D018C_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4EFC1BF8EB25874647A691D4A8E6279_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D332EBA1EF4B1FC0F97F4F9B3DE17D04_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D33D14B7E6BBB508A65E2F371A6DAB95_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0248F5AD1C16943171A77EBA9DC3BEE_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D391F3EA6862272ED5CD3190A83F5E60_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D44EBF0F7D4EC1227F18CF2F7B70AF45_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6C061AF0C2E146E2438928DCC15DED5_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D662900C20A9F04F72D1DE799F16B797_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D4BE3015CB3C7C835B90C514F9A4EFE4_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D7174F06F441F616326FFA6535F6308B_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA76E4214149EAFC178305834EFA3305_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB327AADC23F4C207C969E3572136CE4_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA34A8E6094AB1D8141875DB3B4337A0_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC7CD60640D7B08D0967025F63CDAEF4_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC959203685614F98C3FB9D4708B0521_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DCA744DA4BEE32F3589F342B09D948DA_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D771DE9B4A3999BB26B4C7B4636DDC82_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DF106B32B1E008D8845CF277F0E6705F_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DEE47762FEC9F21CF8D1099B9F299F40_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DFA1C8B77341639CFF59D92B66A568A1_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E07806DF9237866873A702DC961E5EEA_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E161A258AD9961A8C1BF272DE5E80782_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E19BD5E6106EEE057B1F97B6C10F4CFB_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E218D9D2B59EEB6C033D68DA3C6B0AA3_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3C25FF924776513632381D03508B90F_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E4FDB00A84B43F88581C79C63A6D4395_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E5C8449C5425830A02883C97214F9C3A_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6C27A868C6C2AA9D43EBAEA0AABF89E_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6D61592E872FB47DFF99E8D1F4A7F7B_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9D6D0E5DAF8B1844C2AD3D11E614DAE_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9B7435D7A6566423C78F2DD6CDCD475_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EBDB7A831236FE7C708AB06141FC5D87_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF67D7CA99573D8C01C746D8D85C6179_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F238A4120025D87BA5F508C66842522D_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EBE33DED3E3851788256A56FF014CAC7_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3A3D07FF90A9BBFECC8BFAB9521485D_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4A794D2721A954B6707B55C5D73D5F8_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4E66B6BB7ED576488A3926082BDC788_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F6BBD574149669FA39B07452DEF85175_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F7FA2761FA97A00EEBF7B12F5C53D429_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F932F50DD0868A0C3A4DF2EB321C921C_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA1735F1982BF1FD8EB284153AAB2CB2_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FBF73C3B7F7A439A3A9256BFE24C2C6C_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FBEC824CD49B1553CA9BDC77E265223A_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FCCC8350C747B9A643E535296997C0A1_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF56DF1BC0F48D8D6EA1EF5253D9B426_01D149A9-2ACF-4435-A25E-B7D0DF406D8C
* C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F5F1650748DB12D3825449B82A25E71B_01D149A9-2ACF-4435-A25E-B7D0DF406D8C

Options
Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics


Edited by cuate, 30 September 2010 - 08:56 PM.


#15 sundavis


Posted 01 October 2010 - 01:29 AM

Hi cuate,


QUOTE
the problem below...happens only in firefox, not IE...

If your Firefox can't work properly, you're well advised to uninstall FF completely and do a clean reinstall. You may back up your bookmarks before proceeding. Please go to Here and Here.


Let me know how things are going now.



