google redirect virus


  • This topic is locked
23 replies to this topic

#1 kb025

kb025

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:38 PM

Posted 26 June 2012 - 08:08 PM

I have the dang google redirect virus too. Vista Home 64bit, AVG free. Any help appreciated! Thanks.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:38 PM

Posted 27 June 2012 - 12:56 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kb025

kb025
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:38 PM

Posted 27 June 2012 - 05:50 AM

Hi Gringo, nice to meet you! Here are the logs. I am still being redirected.


Ran defogger

Security check output:

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.1.1000
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
Mozilla Thunderbird (13.0.1)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by karen at 6:43:27 on 2012-06-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1373 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\karen\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Users\karen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNO5FEYM\Defogger.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SansaDispatch] C:\Users\karen\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Google] rundll32.exe "C:\Users\karen\AppData\Local\HP\Google\imtnrjj.dll",CreateInstance
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
mRun: [hpqSRMon]
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\karen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\THUNDE~1.LNK - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: presagis.com\vpn
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.presagis.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://presagis.webex.com/client/T27L/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AE538A58-D1C6-4E47-A2A9-25FE225828A5} : DhcpNameServer = 10.74.5.200 10.74.20.230
TCP: Interfaces\{B85A3971-8BF3-4569-96E3-5CFD5A1F2154} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
BHO-X64: Winamp Toolbar Loader - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
mRun-x64: [hpqSRMon]
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {58ECB495-38F0-49cb-A538-10282ABF65E7}
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\i7rqs90r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff11.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff12.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll
FF - plugin: C:\PROGRA~2\SONYON~1\npsoe.dll
FF - plugin: C:\PROGRA~2\SONYON~1\npsoeact.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Users\karen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\karen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-2-3 427192]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-12 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-12 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-12 113120]
S3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw4v64.sys --> C:\Windows\system32\DRIVERS\NETw4v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\karen\Downloads\RealTemp_370\WinRing0x64.sys [2008-7-26 14544]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-25 23:40:16 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-25 00:42:59 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-25 00:42:12 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-21 11:36:40 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 11:35:21 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 11:35:21 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-21 11:34:53 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 11:34:53 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-21 11:34:53 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 11:34:53 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-20 01:00:22 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 01:00:22 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-12 19:58:13 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 19:58:12 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-06-12 19:57:57 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-12 19:57:57 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 19:57:57 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-12 19:57:57 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-12 19:57:57 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-12 19:57:57 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-11 21:38:23 -------- d-----w- C:\Users\karen\ERUNT
2012-06-11 21:32:25 378 ----a-w- C:\Users\karen\myshared.reg
2012-06-11 21:17:06 555064094 ----a-w- C:\Users\karen\regdate_jun11.reg
2012-06-11 11:34:01 -------- d-----w- C:\Users\karen\AppData\Local\ElevatedDiagnostics
2012-06-08 21:57:04 138752 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\994A.tmp.dat
2012-05-29 21:53:28 -------- d-----w- C:\Program Files (x86)\QuickTime(238)
.
==================== Find3M ====================
.
2012-06-25 00:41:14 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-11 11:59:10 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 11:59:10 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 6:44:02.47 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/2/2008 6:33:39 AM
System Uptime: 6/26/2012 5:59:52 AM (25 hours ago)
.
Motherboard: Quanta | | 30CB
Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1667/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 172.577 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.439 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Unimodem Half-Duplex Audio Device
Device ID: MODEMWAVE\0\{45A7F453-A65D-462B-970B-D6EEA0791ED9}
Manufacturer: Microsoft
Name: Unimodem Half-Duplex Audio Device
PNP Device ID: MODEMWAVE\0\{45A7F453-A65D-462B-970B-D6EEA0791ED9}
Service: MODEMCSA
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP1016: 6/11/2012 5:42:39 PM - Windows Update
RP1017: 6/12/2012 7:28:45 AM - Scheduled Checkpoint
RP1018: 6/12/2012 5:37:16 PM - beforewinsecurityfix
RP1019: 6/12/2012 5:58:29 PM - Windows Update
RP1020: 6/13/2012 7:10:12 PM - Scheduled Checkpoint
RP1021: 6/14/2012 9:29:33 AM - Scheduled Checkpoint
RP1022: 6/16/2012 11:28:49 AM - Scheduled Checkpoint
RP1023: 6/17/2012 10:35:14 AM - Scheduled Checkpoint
RP1024: 6/18/2012 8:15:55 PM - Scheduled Checkpoint
RP1025: 6/20/2012 10:21:39 AM - Scheduled Checkpoint
RP1026: 6/21/2012 7:34:18 AM - Windows Update
RP1027: 6/21/2012 10:04:40 PM - Scheduled Checkpoint
RP1028: 6/24/2012 8:26:10 PM - Removed Java™ 6 Update 26
RP1030: 6/24/2012 8:39:27 PM - Installed Java™ 7 Update 5
RP1031: 6/24/2012 8:42:25 PM - Installed JavaFX 2.1.1
RP1032: 6/26/2012 12:00:02 AM - Scheduled Checkpoint
RP1033: 6/27/2012 3:00:37 AM - Windows Update
.
==== Installed Programs ======================
.
Sansa Media Converter
Update for Microsoft Office 2007 (KB2508958)
50 FREE MP3s +1 Free Audiobook!
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
AIM 6
Apple Application Support
Apple Software Update
Best Buy Digital Music Store
Cards_Calendar_OrderGift_DoMorePlugout
Cisco AnyConnect VPN Client
Compatibility Pack for the 2007 Office system
CyberLink YouCam
DeductionPro 2008
DeductionPro 2009
Diner Dash 2
DivX Setup
Documents To Go
DVD Suite
EA Link
Facebook Video Calling 1.2.0.159
Free Realms Installer
Garmin Lifetime Updater
Garmin USB Drivers
Garmin WebUpdater
GlobeReader
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Massachusetts 2009
H&R Block Massachusetts 2010
H&R Block Massachusetts 2011
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP Update
HP User Guides 0088
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
LabelPrint
LightScribe System Software 1.10.13.1
Malwarebytes Anti-Malware version 1.60.1.1000
MediaMonkey 3.2
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 13.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
muvee autoProducer 6.1
My HP Games
Octoshape add-in for Adobe Flash Player
Palm Desktop by ACCESS
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
RadioShack USB to Serial Driver
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Sansa Updater
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.8
Slingbox Flash Tour
SlingPlayer
Staples USB-to-Serial Adapter 2.04
System Requirements Lab
The Sims™ Life Stories
Trillian
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VideoToolkit01
Viewpoint Media Player
Visual Studio 2008 x64 Redistributables
WebEx
Winamp
Winamp Toolbar
Xming-fonts 7.5.0.34
Xming 6.9.0.31
Xvid 1.2.1 final uninstall
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/27/2012 3:03:27 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile MTP Device.
6/26/2012 9:54:41 AM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.74.6.21. The computer with the IP address 10.74.6.224 did not allow the name to be claimed by this computer.
6/26/2012 9:50:50 AM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00215C2E7C11. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
6/26/2012 9:47:20 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.74.6.21 for the Network Card with network address 00215C2E7C11 has been denied by the DHCP server 10.74.150.254 (The DHCP Server sent a DHCPNACK message).
6/26/2012 9:34:00 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 00215C2E7C11 has been denied by the DHCP server 10.74.113.253 (The DHCP Server sent a DHCPNACK message).
6/26/2012 6:48:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.74.6.21 for the Network Card with network address 00215C2E7C11 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/25/2012 7:30:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
6/24/2012 8:35:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/24/2012 8:16:40 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SAMANTHA-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B85A3971-8BF3-4569-96E3-5CFD5A1F2154}. The master browser is stopping or an election is being forced.
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux32 from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state
6/21/2012 7:39:57 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state
.
==== End Of File ===========================

Edited by kb025, 27 June 2012 - 05:50 AM.


#4 gringo_pr

Posted 27 June 2012 - 07:25 AM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 kb025

Posted 27 June 2012 - 08:51 AM

ComboFix appeared to run without incident but it took about an hour and rebooted the system. I am still seeing redirects from google in Firefox (to shopping sites, search engines, etc.) but IE seems OK. I only tried a few searches; it's possible IE is still affected too. Here's the ComboFix log:

ComboFix 12-06-26.02 - karen 06/27/2012 8:41.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1543 [GMT -4:00]
Running from: c:\users\karen\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\karen\AppData\Local\HP\Google\imtnrjj.dll
c:\users\karen\AppData\Roaming\4B6BBA
c:\users\karen\Documents\~WRL0883.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 13:21 . 2012-06-27 13:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 00:43 . 2012-06-25 00:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-25 00:42 . 2012-06-25 00:42 -------- d-----w- c:\program files (x86)\Oracle
2012-06-21 11:36 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:36 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:36 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:36 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:34 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:34 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 01:00 . 2012-06-20 01:00 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 01:00 . 2012-06-20 01:00 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-12 19:58 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 19:58 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 19:57 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 19:57 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 19:57 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 19:57 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 19:57 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 19:57 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-11 21:38 . 2012-06-11 21:39 -------- d-----w- c:\users\karen\ERUNT
2012-06-11 21:32 . 2012-06-11 21:32 378 ----a-w- c:\users\karen\myshared.reg
2012-06-11 21:17 . 2012-06-11 21:17 555064094 ----a-w- c:\users\karen\regdate_jun11.reg
2012-06-11 11:34 . 2012-06-11 11:34 -------- d-----w- c:\users\karen\AppData\Local\ElevatedDiagnostics
2012-06-08 21:57 . 2012-06-08 21:57 138752 ----a-w- c:\programdata\Microsoft\Windows\DRM\994A.tmp.dat
2012-05-29 21:53 . 2012-05-29 21:53 -------- d-----w- c:\program files (x86)\QuickTime(238)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 00:41 . 2012-06-25 00:42 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-25 00:41 . 2010-05-26 20:52 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 11:35 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 11:35 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:12 . 2012-06-21 11:35 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 11:34 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 11:34 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-17 22:35 . 2012-06-12 22:19 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-11 11:59 . 2012-05-11 11:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 11:59 . 2011-06-29 13:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-03 08:22 . 2012-05-10 22:17 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-10 22:27 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SansaDispatch"="c:\users\karen\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-02 79872]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-23 39408]
"Facebook Update"="c:\users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-03-09 37888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2012-5-11 400352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2316398640-3585058815-281969237-1000Core.job
- c:\users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 15:31]
.
2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2316398640-3585058815-281969237-1000UA.job
- c:\users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 15:31]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 13:32]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 13:32]
.
2012-06-11 c:\windows\Tasks\HPCeeScheduleForkaren.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 18:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: presagis.com\vpn
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.presagis.com/CACHE/stc/1/binaries/vpnweb.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\i7rqs90r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-Google - c:\users\karen\AppData\Local\HP\Google\imtnrjj.dll
Wow6432Node-HKLM-Run-QlbCtrl - %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
Wow6432Node-HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2012-06-27 09:40:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 13:40
.
Pre-Run: 185,102,680,064 bytes free
Post-Run: 188,149,788,672 bytes free
.
- - End Of File - - 7BB2B6577A379301867BD4C76ACCD867

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:38 PM

Posted 27 June 2012 - 01:41 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
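A TDSSKiller report of the kind requested above runs to hundreds of lines, almost all of them "name - ok". What a helper actually reads is the handful of objects whose status is not ok, plus services that have no file hash at all. The script below is an added example, not part of this thread and not TDSSKiller's own code: it parses the two-line-per-object format the tool prints (timestamp, PID, name, an optional "(md5) path" line, then a "name - status" line) and separates the entries that need a human look. The sample report is constructed for the example; the ACPI, Beep and catchme lines mirror the format of the real log posted later in this thread, while the two "detected" lines for vmbus and \Device\Harddisk0\DR0 are invented to exercise the non-ok branch and say nothing about the poster's machine.

```python
"""Triage a TDSSKiller report: list entries that are not '- ok' or have no file hash."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format TDSSKiller printed in this thread (timestamp,
# PID, service name, optional "(md5) path", then a separate "name - status" line).
# The ACPI/Beep/catchme lines mirror real entries from the posted log; the two
# "detected" lines are invented to exercise the non-ok branch and are NOT from
# the poster's machine.
SAMPLE_REPORT = """\
21:45:17.0390 6108 Scan started
21:45:17.0390 6108 Mode: Manual;
21:45:18.0306 6108 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\\Windows\\system32\\drivers\\acpi.sys
21:45:18.0326 6108 ACPI - ok
21:45:21.0370 6108 Beep - ok
21:45:22.0216 6108 catchme - ok
21:45:30.0001 6108 vmbus (9a7e2f0b3c4d5e6f7a8b9c0d1e2f3a4b) C:\\Windows\\system32\\DRIVERS\\vmbus.sys
21:45:30.0002 6108 vmbus - detected Forged file ( 1 )
21:45:31.0001 6108 \\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.Pihar.b ( 0 )
"""

# One regex for both line shapes: "<name> (<md5>) <path>" and "<name> - <status>".
# Banner, SystemInfo and partition lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"(?:\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)|-\s+(?P<status>.+))$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None     # None when TDSSKiller printed no file line
    path: Optional[str] = None
    status: Optional[str] = None  # "ok" or the detection text


def parse_report(text: str) -> dict[str, Entry]:
    """Fold the one- or two-line-per-object report into one Entry per name."""
    entries: dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = entries.setdefault(m["name"], Entry(m["name"]))
        if m["md5"]:
            entry.md5 = m["md5"].lower()
            entry.path = m["path"].strip()
        else:
            entry.status = m["status"].strip()
    return entries


def triage(entries: dict[str, Entry]) -> tuple[list[Entry], list[Entry]]:
    """Return (detections, hashless): anything not '- ok', and objects with no file."""
    detections = [e for e in entries.values()
                  if e.status is not None and e.status.lower() != "ok"]
    hashless = [e for e in entries.values() if e.md5 is None]
    return detections, hashless


def hashes_for_lookup(entries: dict[str, Entry]) -> dict[str, str]:
    """md5 -> path for every object that has a file, ready for a reputation lookup."""
    return {e.md5: e.path for e in entries.values() if e.md5 and e.path}


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    detections, hashless = triage(parsed)
    print(f"{len(parsed)} objects scanned, {len(detections)} not ok")
    for e in detections:
        print(f"  DETECTION {e.name}: {e.status}  ({e.path or 'no file'})")
    for e in hashless:
        print(f"  no file hash for {e.name} (status {e.status}); review manually")
```

Hash-less entries are listed, not flagged: a service with no image file (Beep in the real log is one) is usually harmless, so they belong in the "look at it" pile rather than the "infected" pile, and the verdict on anything in the detections list still comes from the tool's own Cure/Skip prompt, not from this parser. The md5-to-path map is what you would feed to a hash-reputation lookup for the drivers that did report a file.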

#7 gringo_pr

Posted 29 June 2012 - 11:18 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you: it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#8 kb025

kb025
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 30 June 2012 - 10:15 AM

Hi Gringo, the redirection is much less frequent but it still occurs. I notice that usually, if clicking on a link redirects to a different site than the link says, and I hit the back button and then click the link a second time, it goes to the correct web page.

#9 gringo_pr

Posted 30 June 2012 - 11:51 AM

Please continue with post 6



gringo

#10 kb025
  • Topic Starter

Posted 30 June 2012 - 01:59 PM

Well, that's bizarre. I thought I posted the logs a few days ago; I must have forgotten to click the post button. Here they are again:

21:45:01.0425 2864 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
21:45:01.0774 2864 ============================================================
21:45:01.0774 2864 Current date / time: 2012/06/27 21:45:01.0774
21:45:01.0774 2864 SystemInfo:
21:45:01.0774 2864
21:45:01.0774 2864 OS Version: 6.0.6002 ServicePack: 2.0
21:45:01.0774 2864 Product type: Workstation
21:45:01.0774 2864 ComputerName: JADE
21:45:01.0774 2864 UserName: karen
21:45:01.0774 2864 Windows directory: C:\Windows
21:45:01.0774 2864 System windows directory: C:\Windows
21:45:01.0774 2864 Running under WOW64
21:45:01.0774 2864 Processor architecture: Intel x64
21:45:01.0774 2864 Number of processors: 2
21:45:01.0774 2864 Page size: 0x1000
21:45:01.0775 2864 Boot type: Normal boot
21:45:01.0775 2864 ============================================================
21:45:02.0395 2864 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:45:02.0403 2864 ============================================================
21:45:02.0403 2864 \Device\Harddisk0\DR0:
21:45:02.0404 2864 MBR partitions:
21:45:02.0404 2864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23A39564
21:45:02.0404 2864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23A395A3, BlocksNum 0x19F411E
21:45:02.0404 2864 ============================================================
21:45:02.0412 2864 C: <-> \Device\Harddisk0\DR0\Partition0
21:45:02.0454 2864 D: <-> \Device\Harddisk0\DR0\Partition1
21:45:02.0454 2864 ============================================================
21:45:02.0454 2864 Initialize success
21:45:02.0454 2864 ============================================================
21:45:17.0390 6108 ============================================================
21:45:17.0390 6108 Scan started
21:45:17.0390 6108 Mode: Manual;
21:45:17.0390 6108 ============================================================
21:45:18.0306 6108 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
21:45:18.0326 6108 ACPI - ok
21:45:18.0412 6108 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
21:45:18.0434 6108 adp94xx - ok
21:45:18.0488 6108 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
21:45:18.0518 6108 adpahci - ok
21:45:18.0608 6108 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
21:45:18.0632 6108 adpu160m - ok
21:45:18.0662 6108 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
21:45:18.0670 6108 adpu320 - ok
21:45:18.0710 6108 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
21:45:18.0712 6108 AeLookupSvc - ok
21:45:18.0811 6108 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
21:45:18.0838 6108 AFD - ok
21:45:18.0886 6108 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
21:45:18.0889 6108 agp440 - ok
21:45:18.0919 6108 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
21:45:18.0923 6108 aic78xx - ok
21:45:18.0964 6108 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
21:45:18.0966 6108 ALG - ok
21:45:18.0994 6108 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
21:45:18.0996 6108 aliide - ok
21:45:19.0021 6108 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
21:45:19.0023 6108 amdide - ok
21:45:19.0039 6108 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
21:45:19.0042 6108 AmdK8 - ok
21:45:19.0093 6108 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
21:45:19.0096 6108 Appinfo - ok
21:45:19.0144 6108 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
21:45:19.0148 6108 arc - ok
21:45:19.0190 6108 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
21:45:19.0193 6108 arcsas - ok
21:45:19.0226 6108 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
21:45:19.0228 6108 AsyncMac - ok
21:45:19.0264 6108 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
21:45:19.0266 6108 atapi - ok
21:45:19.0358 6108 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
21:45:19.0382 6108 AudioEndpointBuilder - ok
21:45:19.0393 6108 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
21:45:19.0399 6108 AudioSrv - ok
21:45:20.0144 6108 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
21:45:20.0307 6108 AVGIDSAgent - ok
21:45:20.0508 6108 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:45:20.0520 6108 AVGIDSDriver - ok
21:45:20.0628 6108 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
21:45:20.0630 6108 AVGIDSFilter - ok
21:45:20.0700 6108 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
21:45:20.0702 6108 AVGIDSHA - ok
21:45:20.0788 6108 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
21:45:20.0823 6108 Avgldx64 - ok
21:45:20.0883 6108 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
21:45:20.0886 6108 Avgmfx64 - ok
21:45:20.0911 6108 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
21:45:20.0916 6108 Avgrkx64 - ok
21:45:20.0988 6108 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
21:45:21.0014 6108 Avgtdia - ok
21:45:21.0199 6108 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
21:45:21.0204 6108 avgwd - ok
21:45:21.0311 6108 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:45:21.0335 6108 BCM43XV - ok
21:45:21.0370 6108 Beep - ok
21:45:21.0462 6108 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
21:45:21.0517 6108 BFE - ok
21:45:21.0766 6108 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
21:45:21.0803 6108 BITS - ok
21:45:21.0866 6108 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
21:45:21.0869 6108 blbdrive - ok
21:45:21.0912 6108 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
21:45:21.0916 6108 bowser - ok
21:45:21.0944 6108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
21:45:21.0947 6108 BrFiltLo - ok
21:45:21.0966 6108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
21:45:21.0969 6108 BrFiltUp - ok
21:45:22.0011 6108 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
21:45:22.0014 6108 Browser - ok
21:45:22.0054 6108 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
21:45:22.0058 6108 Brserid - ok
21:45:22.0092 6108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
21:45:22.0094 6108 BrSerWdm - ok
21:45:22.0115 6108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
21:45:22.0118 6108 BrUsbMdm - ok
21:45:22.0140 6108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
21:45:22.0142 6108 BrUsbSer - ok
21:45:22.0174 6108 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
21:45:22.0177 6108 BTHMODEM - ok
21:45:22.0216 6108 catchme - ok
21:45:22.0265 6108 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
21:45:22.0269 6108 cdfs - ok
21:45:22.0333 6108 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
21:45:22.0337 6108 cdrom - ok
21:45:22.0401 6108 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
21:45:22.0404 6108 CertPropSvc - ok
21:45:22.0465 6108 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
21:45:22.0468 6108 circlass - ok
21:45:22.0588 6108 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
21:45:22.0616 6108 CLFS - ok
21:45:22.0658 6108 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:45:22.0662 6108 clr_optimization_v2.0.50727_32 - ok
21:45:22.0692 6108 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:45:22.0709 6108 clr_optimization_v2.0.50727_64 - ok
21:45:22.0838 6108 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:45:22.0849 6108 clr_optimization_v4.0.30319_32 - ok
21:45:22.0928 6108 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:45:22.0940 6108 clr_optimization_v4.0.30319_64 - ok
21:45:22.0984 6108 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
21:45:22.0986 6108 CmBatt - ok
21:45:23.0008 6108 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
21:45:23.0009 6108 cmdide - ok
21:45:23.0094 6108 Com4Qlb (d8774ace03b46c9b01a49818055f9ad4) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
21:45:23.0124 6108 Com4Qlb - ok
21:45:23.0141 6108 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
21:45:23.0143 6108 Compbatt - ok
21:45:23.0147 6108 COMSysApp - ok
21:45:23.0213 6108 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys
21:45:23.0214 6108 cpuz135 - ok
21:45:23.0221 6108 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
21:45:23.0223 6108 crcdisk - ok
21:45:23.0287 6108 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
21:45:23.0300 6108 CryptSvc - ok
21:45:23.0391 6108 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
21:45:23.0408 6108 DcomLaunch - ok
21:45:23.0469 6108 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
21:45:23.0472 6108 DfsC - ok
21:45:23.0728 6108 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
21:45:23.0818 6108 DFSR - ok
21:45:23.0959 6108 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
21:45:23.0968 6108 Dhcp - ok
21:45:24.0030 6108 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
21:45:24.0034 6108 disk - ok
21:45:24.0101 6108 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
21:45:24.0115 6108 Dnscache - ok
21:45:24.0155 6108 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
21:45:24.0174 6108 dot3svc - ok
21:45:24.0212 6108 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
21:45:24.0225 6108 DPS - ok
21:45:24.0281 6108 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
21:45:24.0284 6108 drmkaud - ok
21:45:24.0408 6108 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
21:45:24.0451 6108 DXGKrnl - ok
21:45:24.0490 6108 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
21:45:24.0502 6108 E1G60 - ok
21:45:24.0572 6108 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
21:45:24.0575 6108 EapHost - ok
21:45:24.0632 6108 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
21:45:24.0666 6108 Ecache - ok
21:45:24.0728 6108 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
21:45:24.0739 6108 ehRecvr - ok
21:45:24.0767 6108 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
21:45:24.0778 6108 ehSched - ok
21:45:24.0805 6108 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
21:45:24.0806 6108 ehstart - ok
21:45:24.0875 6108 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
21:45:24.0891 6108 elxstor - ok
21:45:24.0973 6108 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
21:45:25.0000 6108 EMDMgmt - ok
21:45:25.0061 6108 EraserUtilDrvI9 - ok
21:45:25.0085 6108 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
21:45:25.0087 6108 ErrDev - ok
21:45:25.0152 6108 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
21:45:25.0170 6108 EventSystem - ok
21:45:25.0212 6108 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
21:45:25.0221 6108 exfat - ok
21:45:25.0475 6108 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
21:45:25.0525 6108 fastfat - ok
21:45:25.0627 6108 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
21:45:25.0632 6108 fdc - ok
21:45:25.0653 6108 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
21:45:25.0655 6108 fdPHost - ok
21:45:25.0675 6108 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
21:45:25.0678 6108 FDResPub - ok
21:45:25.0696 6108 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
21:45:25.0699 6108 FileInfo - ok
21:45:25.0792 6108 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
21:45:25.0809 6108 Filetrace - ok
21:45:25.0828 6108 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:45:25.0831 6108 flpydisk - ok
21:45:25.0887 6108 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
21:45:25.0894 6108 FltMgr - ok
21:45:26.0129 6108 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
21:45:26.0185 6108 FontCache - ok
21:45:26.0248 6108 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:45:26.0250 6108 FontCache3.0.0.0 - ok
21:45:26.0349 6108 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
21:45:26.0360 6108 Fs_Rec - ok
21:45:26.0402 6108 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
21:45:26.0404 6108 gagp30kx - ok
21:45:26.0525 6108 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
21:45:26.0571 6108 GameConsoleService - ok
21:45:26.0652 6108 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
21:45:26.0669 6108 gpsvc - ok
21:45:26.0764 6108 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:45:26.0767 6108 gupdate - ok
21:45:26.0780 6108 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:45:26.0782 6108 gupdatem - ok
21:45:26.0838 6108 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:45:26.0840 6108 gusvc - ok
21:45:26.0891 6108 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
21:45:26.0900 6108 HdAudAddService - ok
21:45:26.0997 6108 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:45:27.0049 6108 HDAudBus - ok
21:45:27.0078 6108 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
21:45:27.0080 6108 HidBth - ok
21:45:27.0104 6108 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
21:45:27.0106 6108 HidIr - ok
21:45:27.0151 6108 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
21:45:27.0153 6108 hidserv - ok
21:45:27.0190 6108 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
21:45:27.0192 6108 HidUsb - ok
21:45:27.0217 6108 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
21:45:27.0220 6108 hkmsvc - ok
21:45:27.0310 6108 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
21:45:27.0313 6108 HP Health Check Service - ok
21:45:27.0356 6108 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
21:45:27.0359 6108 HpCISSs - ok
21:45:27.0376 6108 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:45:27.0379 6108 HpqKbFiltr - ok
21:45:27.0394 6108 HpqRemHid (e53d53d66d61794af8160741946d0b43) C:\Windows\system32\DRIVERS\HpqRemHid.sys
21:45:27.0414 6108 HpqRemHid - ok
21:45:27.0462 6108 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
21:45:27.0465 6108 hpqwmiex - ok
21:45:27.0536 6108 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:45:27.0557 6108 HSFHWAZL - ok
21:45:27.0719 6108 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:45:27.0774 6108 HSF_DPV - ok
21:45:27.0969 6108 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
21:45:27.0996 6108 HTTP - ok
21:45:28.0038 6108 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
21:45:28.0041 6108 i2omp - ok
21:45:28.0075 6108 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
21:45:28.0078 6108 i8042prt - ok
21:45:28.0150 6108 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:45:28.0170 6108 IAANTMON - ok
21:45:28.0252 6108 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
21:45:28.0257 6108 iaStor - ok
21:45:28.0309 6108 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
21:45:28.0321 6108 iaStorV - ok
21:45:28.0412 6108 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:45:28.0416 6108 IDriverT - ok
21:45:28.0578 6108 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:45:28.0618 6108 idsvc - ok
21:45:28.0643 6108 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
21:45:28.0646 6108 iirsp - ok
21:45:28.0711 6108 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
21:45:28.0727 6108 IKEEXT - ok
21:45:28.0753 6108 IntcAzAudAddService - ok
21:45:28.0774 6108 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
21:45:28.0776 6108 intelide - ok
21:45:28.0792 6108 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
21:45:28.0795 6108 intelppm - ok
21:45:28.0820 6108 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
21:45:28.0824 6108 IPBusEnum - ok
21:45:28.0868 6108 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:45:28.0872 6108 IpFilterDriver - ok
21:45:28.0944 6108 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
21:45:28.0964 6108 iphlpsvc - ok
21:45:28.0969 6108 IpInIp - ok
21:45:29.0023 6108 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
21:45:29.0027 6108 IPMIDRV - ok
21:45:29.0049 6108 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
21:45:29.0064 6108 IPNAT - ok
21:45:29.0088 6108 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
21:45:29.0090 6108 IRENUM - ok
21:45:29.0125 6108 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
21:45:29.0127 6108 isapnp - ok
21:45:29.0192 6108 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
21:45:29.0211 6108 iScsiPrt - ok
21:45:29.0232 6108 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
21:45:29.0235 6108 iteatapi - ok
21:45:29.0265 6108 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
21:45:29.0267 6108 iteraid - ok
21:45:29.0291 6108 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
21:45:29.0293 6108 kbdclass - ok
21:45:29.0325 6108 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
21:45:29.0328 6108 kbdhid - ok
21:45:29.0379 6108 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:45:29.0382 6108 KeyIso - ok
21:45:29.0489 6108 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
21:45:29.0507 6108 KSecDD - ok
21:45:29.0522 6108 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
21:45:29.0527 6108 ksthunk - ok
21:45:29.0605 6108 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
21:45:29.0622 6108 KtmRm - ok
21:45:29.0723 6108 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
21:45:29.0766 6108 LanmanServer - ok
21:45:29.0872 6108 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
21:45:29.0890 6108 LanmanWorkstation - ok
21:45:29.0981 6108 LightScribeService (53710476495886d9961be46983a6a33f) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:45:29.0984 6108 LightScribeService - ok
21:45:30.0021 6108 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
21:45:30.0024 6108 lltdio - ok
21:45:30.0076 6108 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
21:45:30.0089 6108 lltdsvc - ok
21:45:30.0105 6108 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
21:45:30.0108 6108 lmhosts - ok
21:45:30.0144 6108 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
21:45:30.0158 6108 LSI_FC - ok
21:45:30.0183 6108 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
21:45:30.0198 6108 LSI_SAS - ok
21:45:30.0242 6108 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
21:45:30.0256 6108 LSI_SCSI - ok
21:45:30.0277 6108 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
21:45:30.0293 6108 luafv - ok
21:45:30.0320 6108 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
21:45:30.0338 6108 Mcx2Svc - ok
21:45:30.0365 6108 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
21:45:30.0368 6108 megasas - ok
21:45:30.0440 6108 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
21:45:30.0462 6108 MegaSR - ok
21:45:30.0622 6108 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:45:30.0626 6108 Microsoft Office Groove Audit Service - ok
21:45:30.0652 6108 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
21:45:30.0655 6108 MMCSS - ok
21:45:30.0673 6108 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
21:45:30.0675 6108 Modem - ok
21:45:30.0734 6108 MODEMCSA (8985460fd448348f7ac748460d0a1cf4) C:\Windows\system32\drivers\MODEMCSA.sys
21:45:30.0736 6108 MODEMCSA - ok
21:45:30.0760 6108 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
21:45:30.0763 6108 monitor - ok
21:45:30.0782 6108 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
21:45:30.0784 6108 mouclass - ok
21:45:30.0817 6108 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
21:45:30.0819 6108 mouhid - ok
21:45:30.0841 6108 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
21:45:30.0845 6108 MountMgr - ok
21:45:30.0912 6108 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:45:30.0925 6108 MozillaMaintenance - ok
21:45:30.0972 6108 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
21:45:30.0985 6108 mpio - ok
21:45:31.0018 6108 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
21:45:31.0021 6108 mpsdrv - ok
21:45:31.0126 6108 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
21:45:31.0147 6108 MpsSvc - ok
21:45:31.0175 6108 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
21:45:31.0178 6108 Mraid35x - ok
21:45:31.0219 6108 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
21:45:31.0232 6108 MRxDAV - ok
21:45:31.0296 6108 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:45:31.0308 6108 mrxsmb - ok
21:45:31.0387 6108 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:45:31.0422 6108 mrxsmb10 - ok
21:45:31.0439 6108 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:45:31.0443 6108 mrxsmb20 - ok
21:45:31.0472 6108 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
21:45:31.0475 6108 msahci - ok
21:45:31.0510 6108 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
21:45:31.0514 6108 msdsm - ok
21:45:31.0560 6108 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
21:45:31.0575 6108 MSDTC - ok
21:45:31.0607 6108 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
21:45:31.0609 6108 Msfs - ok
21:45:31.0637 6108 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
21:45:31.0640 6108 msisadrv - ok
21:45:31.0678 6108 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
21:45:31.0690 6108 MSiSCSI - ok
21:45:31.0696 6108 msiserver - ok
21:45:31.0747 6108 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
21:45:31.0749 6108 MSKSSRV - ok
21:45:31.0791 6108 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
21:45:31.0793 6108 MSPCLOCK - ok
21:45:31.0807 6108 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
21:45:31.0809 6108 MSPQM - ok
21:45:31.0871 6108 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
21:45:31.0881 6108 MsRPC - ok
21:45:31.0904 6108 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
21:45:31.0906 6108 mssmbios - ok
21:45:31.0921 6108 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
21:45:31.0923 6108 MSTEE - ok
21:45:31.0949 6108 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
21:45:31.0951 6108 Mup - ok
21:45:32.0020 6108 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
21:45:32.0060 6108 napagent - ok
21:45:32.0121 6108 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
21:45:32.0130 6108 NativeWifiP - ok
21:45:32.0236 6108 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
21:45:32.0262 6108 NDIS - ok
21:45:32.0304 6108 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
21:45:32.0306 6108 NdisTapi - ok
21:45:32.0323 6108 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
21:45:32.0325 6108 Ndisuio - ok
21:45:32.0369 6108 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
21:45:32.0384 6108 NdisWan - ok
21:45:32.0408 6108 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
21:45:32.0411 6108 NDProxy - ok
21:45:32.0424 6108 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
21:45:32.0427 6108 NetBIOS - ok
21:45:32.0477 6108 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
21:45:32.0493 6108 netbt - ok
21:45:32.0517 6108 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:45:32.0519 6108 Netlogon - ok
21:45:32.0589 6108 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
21:45:32.0608 6108 Netman - ok
21:45:32.0653 6108 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
21:45:32.0665 6108 netprofm - ok
21:45:32.0729 6108 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:45:32.0743 6108 NetTcpPortSharing - ok
21:45:33.0122 6108 NETw4v64 (dae4178cf30cf07df3c53837ee5e96a7) C:\Windows\system32\DRIVERS\NETw4v64.sys
21:45:33.0207 6108 NETw4v64 - ok
21:45:33.0707 6108 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
21:45:33.0813 6108 NETw5v64 - ok
21:45:34.0125 6108 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
21:45:34.0138 6108 nfrd960 - ok
21:45:34.0186 6108 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
21:45:34.0220 6108 NlaSvc - ok
21:45:34.0250 6108 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
21:45:34.0252 6108 Npfs - ok
21:45:34.0267 6108 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
21:45:34.0269 6108 nsi - ok
21:45:34.0282 6108 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
21:45:34.0284 6108 nsiproxy - ok
21:45:34.0467 6108 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
21:45:34.0507 6108 Ntfs - ok
21:45:34.0659 6108 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
21:45:34.0662 6108 Null - ok
21:45:34.0872 6108 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
21:45:34.0898 6108 NVENETFD - ok
21:45:37.0176 6108 nvlddmkm (fd39b98ff1bb8ed3848781497e9d02e0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:45:37.0446 6108 nvlddmkm - ok
21:45:38.0234 6108 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
21:45:38.0241 6108 nvraid - ok
21:45:38.0287 6108 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
21:45:38.0290 6108 nvstor - ok
21:45:38.0418 6108 nvsvc (c1668d58547dd0c4a0fbd6afa20d5890) C:\Windows\system32\nvvsvc.exe
21:45:38.0474 6108 nvsvc - ok
21:45:38.0500 6108 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
21:45:38.0516 6108 nv_agp - ok
21:45:38.0528 6108 NwlnkFlt - ok
21:45:38.0539 6108 NwlnkFwd - ok
21:45:38.0667 6108 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:45:38.0686 6108 odserv - ok
21:45:38.0733 6108 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
21:45:38.0735 6108 ohci1394 - ok
21:45:38.0764 6108 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:45:38.0767 6108 ose - ok
21:45:38.0941 6108 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:45:38.0969 6108 p2pimsvc - ok
21:45:38.0979 6108 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:45:38.0986 6108 p2psvc - ok
21:45:39.0035 6108 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
21:45:39.0038 6108 Parport - ok
21:45:39.0083 6108 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
21:45:39.0085 6108 partmgr - ok
21:45:39.0109 6108 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
21:45:39.0113 6108 PcaSvc - ok
21:45:39.0153 6108 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
21:45:39.0167 6108 pci - ok
21:45:39.0180 6108 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
21:45:39.0181 6108 pciide - ok
21:45:39.0222 6108 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
21:45:39.0234 6108 pcmcia - ok
21:45:39.0305 6108 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
21:45:39.0321 6108 PEAUTH - ok
21:45:39.0387 6108 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
21:45:39.0389 6108 PerfHost - ok
21:45:39.0552 6108 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
21:45:39.0587 6108 pla - ok
21:45:39.0639 6108 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
21:45:39.0676 6108 PlugPlay - ok
21:45:39.0782 6108 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:45:39.0794 6108 PNRPAutoReg - ok
21:45:39.0812 6108 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
21:45:39.0825 6108 PNRPsvc - ok
21:45:39.0905 6108 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
21:45:39.0927 6108 PolicyAgent - ok
21:45:39.0993 6108 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
21:45:39.0998 6108 PptpMiniport - ok
21:45:40.0019 6108 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
21:45:40.0022 6108 Processor - ok
21:45:40.0061 6108 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
21:45:40.0074 6108 ProfSvc - ok
21:45:40.0118 6108 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:45:40.0120 6108 ProtectedStorage - ok
21:45:40.0149 6108 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
21:45:40.0152 6108 PSched - ok
21:45:40.0265 6108 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
21:45:40.0304 6108 ql2300 - ok
21:45:40.0334 6108 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
21:45:40.0337 6108 ql40xx - ok
21:45:40.0461 6108 QPCapSvc (ba396d1c71934e22679d3f4dac17e7ab) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
21:45:40.0480 6108 QPCapSvc - ok
21:45:40.0506 6108 QPSched (4b455e8c41cad3219ccf53024dcad604) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
21:45:40.0509 6108 QPSched - ok
21:45:40.0542 6108 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
21:45:40.0562 6108 QWAVE - ok
21:45:40.0582 6108 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
21:45:40.0584 6108 QWAVEdrv - ok
21:45:40.0598 6108 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
21:45:40.0600 6108 RasAcd - ok
21:45:40.0637 6108 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
21:45:40.0641 6108 RasAuto - ok
21:45:40.0690 6108 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:45:40.0706 6108 Rasl2tp - ok
21:45:40.0741 6108 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
21:45:40.0760 6108 RasMan - ok
21:45:40.0798 6108 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
21:45:40.0801 6108 RasPppoe - ok
21:45:40.0838 6108 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
21:45:40.0841 6108 RasSstp - ok
21:45:40.0902 6108 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
21:45:40.0917 6108 rdbss - ok
21:45:40.0941 6108 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:45:40.0943 6108 RDPCDD - ok
21:45:41.0035 6108 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
21:45:41.0060 6108 rdpdr - ok
21:45:41.0067 6108 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
21:45:41.0069 6108 RDPENCDD - ok
21:45:41.0392 6108 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
21:45:41.0466 6108 RDPWD - ok
21:45:41.0716 6108 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
21:45:41.0736 6108 RemoteAccess - ok
21:45:41.0781 6108 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
21:45:41.0810 6108 RemoteRegistry - ok
21:45:42.0182 6108 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
21:45:42.0188 6108 RichVideo - ok
21:45:42.0233 6108 rimmptsk (e31960692cbb3a8bcdf300bc1d889e1f) C:\Windows\system32\DRIVERS\rimmpx64.sys
21:45:42.0236 6108 rimmptsk - ok
21:45:42.0259 6108 rimsptsk (82356915157ab59064a24993ae5be8aa) C:\Windows\system32\DRIVERS\rimspx64.sys
21:45:42.0279 6108 rimsptsk - ok
21:45:42.0316 6108 rismxdp (c01a92a546854a3e34103b642f0f94a1) C:\Windows\system32\DRIVERS\rixdpx64.sys
21:45:42.0319 6108 rismxdp - ok
21:45:42.0335 6108 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
21:45:42.0339 6108 RpcLocator - ok
21:45:42.0497 6108 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
21:45:42.0510 6108 RpcSs - ok
21:45:42.0552 6108 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
21:45:42.0555 6108 rspndr - ok
21:45:42.0629 6108 RTL8169 (af7074e1d6a8a66204067ee8b2a8327a) C:\Windows\system32\DRIVERS\Rtlh64.sys
21:45:42.0648 6108 RTL8169 - ok
21:45:42.0698 6108 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
21:45:42.0701 6108 SamSs - ok
21:45:42.0725 6108 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
21:45:42.0742 6108 sbp2port - ok
21:45:42.0787 6108 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
21:45:42.0801 6108 SCardSvr - ok
21:45:42.0948 6108 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
21:45:42.0977 6108 Schedule - ok
21:45:43.0019 6108 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
21:45:43.0020 6108 SCPolicySvc - ok
21:45:43.0075 6108 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
21:45:43.0088 6108 sdbus - ok
21:45:43.0127 6108 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
21:45:43.0139 6108 SDRSVC - ok
21:45:43.0168 6108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:45:43.0170 6108 secdrv - ok
21:45:43.0196 6108 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
21:45:43.0200 6108 seclogon - ok
21:45:43.0221 6108 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
21:45:43.0226 6108 SENS - ok
21:45:43.0244 6108 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\DRIVERS\serenum.sys
21:45:43.0246 6108 Serenum - ok
21:45:43.0280 6108 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
21:45:43.0284 6108 Serial - ok
21:45:43.0311 6108 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
21:45:43.0314 6108 sermouse - ok
21:45:43.0349 6108 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
21:45:43.0354 6108 SessionEnv - ok
21:45:43.0385 6108 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
21:45:43.0387 6108 sffdisk - ok
21:45:43.0406 6108 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
21:45:43.0409 6108 sffp_mmc - ok
21:45:43.0432 6108 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:45:43.0435 6108 sffp_sd - ok
21:45:43.0457 6108 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
21:45:43.0459 6108 sfloppy - ok
21:45:43.0547 6108 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
21:45:43.0569 6108 SharedAccess - ok
21:45:43.0644 6108 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
21:45:43.0667 6108 ShellHWDetection - ok
21:45:43.0687 6108 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
21:45:43.0690 6108 SiSRaid2 - ok
21:45:43.0727 6108 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
21:45:43.0730 6108 SiSRaid4 - ok
21:45:43.0859 6108 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:45:43.0870 6108 SkypeUpdate - ok
21:45:44.0156 6108 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
21:45:44.0230 6108 slsvc - ok
21:45:44.0352 6108 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
21:45:44.0370 6108 SLUINotify - ok
21:45:44.0420 6108 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
21:45:44.0435 6108 Smb - ok
21:45:44.0625 6108 smserial (22631aaf0ac9e9881ce76beac27d8030) C:\Windows\system32\DRIVERS\smserial.sys
21:45:44.0683 6108 smserial - ok
21:45:44.0719 6108 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
21:45:44.0723 6108 SNMPTRAP - ok
21:45:44.0762 6108 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
21:45:44.0765 6108 spldr - ok
21:45:44.0831 6108 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
21:45:44.0846 6108 Spooler - ok
21:45:44.0935 6108 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
21:45:44.0948 6108 srv - ok
21:45:45.0014 6108 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
21:45:45.0024 6108 srv2 - ok
21:45:45.0090 6108 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
21:45:45.0101 6108 srvnet - ok
21:45:45.0134 6108 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
21:45:45.0146 6108 SSDPSRV - ok
21:45:45.0182 6108 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
21:45:45.0194 6108 SstpSvc - ok
21:45:45.0272 6108 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
21:45:45.0298 6108 stisvc - ok
21:45:45.0319 6108 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
21:45:45.0321 6108 swenum - ok
21:45:45.0398 6108 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
21:45:45.0427 6108 swprv - ok
21:45:45.0461 6108 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
21:45:45.0464 6108 Symc8xx - ok
21:45:45.0491 6108 SymIMMP - ok
21:45:45.0519 6108 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
21:45:45.0522 6108 Sym_hi - ok
21:45:45.0551 6108 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
21:45:45.0553 6108 Sym_u3 - ok
21:45:45.0624 6108 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
21:45:45.0643 6108 SynTP - ok
21:45:45.0784 6108 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
21:45:45.0812 6108 SysMain - ok
21:45:45.0845 6108 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
21:45:45.0862 6108 TabletInputService - ok
21:45:45.0916 6108 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
21:45:45.0938 6108 TapiSrv - ok
21:45:45.0964 6108 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
21:45:45.0983 6108 TBS - ok
21:45:46.0203 6108 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
21:45:46.0246 6108 Tcpip - ok
21:45:51.0625 6108 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
21:45:51.0673 6108 \Device\Harddisk0\DR0 - ok
21:45:51.0678 6108 Boot (0x1200) (2815abbec0f20f3ba6223df70569bc01) \Device\Harddisk0\DR0\Partition0
21:45:51.0681 6108 \Device\Harddisk0\DR0\Partition0 - ok
21:45:51.0689 6108 Boot (0x1200) (3934997050b2f7452525bcda8aa84e9d) \Device\Harddisk0\DR0\Partition1
21:45:51.0691 6108 \Device\Harddisk0\DR0\Partition1 - ok
21:45:51.0693 6108 ============================================================
21:45:51.0693 6108 Scan finished
21:45:51.0693 6108 ============================================================
21:45:51.0712 5688 Detected object count: 0
21:45:51.0712 5688 Actual detected object count: 0
06:13:17.0176 2724 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 21:46:45
-----------------------------
21:46:45.949 OS Version: Windows x64 6.0.6002 Service Pack 2
21:46:45.949 Number of processors: 2 586 0xF0D
21:46:45.950 ComputerName: JADE UserName:
21:46:47.716 Initialize success
21:48:15.013 AVAST engine defs: 12062701
21:48:23.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:48:23.367 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
21:48:23.383 Disk 0 MBR read successfully
21:48:23.388 Disk 0 MBR scan
21:48:23.395 Disk 0 unknown MBR code
21:48:23.400 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 291954 MB offset 63
21:48:23.430 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13288 MB offset 597923235
21:48:23.568 Disk 0 scanning C:\Windows\system32\drivers
21:48:38.419 Service scanning
21:49:05.561 Modules scanning
21:49:05.569 Disk 0 trace - called modules:
21:49:05.608 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
21:49:05.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069e6790]
21:49:05.620 3 CLASSPNP.SYS[fffffa60011d2c33] -> nt!IofCallDriver -> [0xfffffa8004a522a0]
21:49:05.627 5 acpi.sys[fffffa60008c1fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004c25050]
21:49:07.377 AVAST engine scan C:\Windows
21:49:13.048 AVAST engine scan C:\Windows\system32
21:53:55.973 AVAST engine scan C:\Windows\system32\drivers
21:54:12.906 AVAST engine scan C:\Users\karen
22:08:42.900 AVAST engine scan C:\ProgramData
22:11:02.653 File: C:\ProgramData\Microsoft\Windows\DRM\994A.tmp.dat **INFECTED** Win32:Crypt-NBS [Trj]
22:13:32.652 Scan finished successfully
06:07:02.990 Disk 0 MBR has been saved successfully to "C:\Users\karen\Desktop\MBR.dat"
06:07:02.995 The log file has been saved successfully to "C:\Users\karen\Desktop\aswMBR.txt"

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 June 2012 - 03:13 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\ProgramData\Microsoft\Windows\DRM

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
    • report from ComboFix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 kb025

  • Topic Starter
  • Members
  • 10 posts

Posted 01 July 2012 - 04:43 PM

Hi Gringo, ComboFix ran without problems and the log follows. Google is still redirecting :-(

ComboFix 12-07-01.03 - karen 07/01/2012 17:09:20.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1980 [GMT -4:00]
Running from: c:\users\karen\Downloads\ComboFix.exe
Command switches used :: c:\users\karen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\MSMoney\My Money Backup.mbf
c:\data\MSMoney\My Money.mny
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\994A.tmp.dat
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.bla
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.tmp
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01_64.key
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\DRMv1.bak
c:\programdata\Microsoft\Windows\DRM\DRMv1.key
c:\programdata\Microsoft\Windows\DRM\IndivBox.key
c:\programdata\Microsoft\Windows\DRM\IndivBox_64.key
c:\programdata\Microsoft\Windows\DRM\v2ksndv.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
c:\users\karen\AppData\Roaming\Start
c:\users\karen\AppData\Roaming\Start\temp_BB40E0B5\flash.10.0.32.18.ocx
c:\users\karen\AppData\Roaming\Start\temp_BCECE583\flash.10.0.32.18.ocx
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 21:20 . 2012-07-01 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 00:43 . 2012-06-25 00:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-25 00:42 . 2012-06-25 00:42 -------- d-----w- c:\program files (x86)\Oracle
2012-06-21 11:36 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:36 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:36 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:36 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:34 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:34 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 01:00 . 2012-06-20 01:00 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 01:00 . 2012-06-20 01:00 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-12 19:58 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 19:58 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 19:57 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 19:57 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 19:57 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 19:57 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 19:57 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 19:57 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-11 21:38 . 2012-06-11 21:39 -------- d-----w- c:\users\karen\ERUNT
2012-06-11 21:32 . 2012-06-11 21:32 378 ----a-w- c:\users\karen\myshared.reg
2012-06-11 21:17 . 2012-06-11 21:17 555064094 ----a-w- c:\users\karen\regdate_jun11.reg
2012-06-11 11:34 . 2012-06-11 11:34 -------- d-----w- c:\users\karen\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 00:41 . 2012-06-25 00:42 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-25 00:41 . 2010-05-26 20:52 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-21 11:35 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 11:35 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:12 . 2012-06-21 11:35 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 11:34 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 11:34 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-17 22:35 . 2012-06-12 22:19 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-11 11:59 . 2012-05-11 11:59 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 11:59 . 2011-06-29 13:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-03 08:22 . 2012-05-10 22:17 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_13.28.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-07-01 21:26 68328 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-07-01 21:26 98292 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-30 02:57 . 2012-07-01 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-30 02:57 . 2012-03-30 00:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-30 02:57 . 2012-07-01 17:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-30 02:57 . 2012-03-30 00:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-30 02:57 . 2012-03-30 00:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-30 02:57 . 2012-07-01 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-27 13:25 . 2012-06-27 13:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-01 21:23 . 2012-07-01 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-01 21:23 . 2012-07-01 21:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-27 13:25 . 2012-06-27 13:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-30 02:34 . 2012-07-01 16:13 439822 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-11-09 08:20 . 2012-06-27 13:22 396948 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
+ 2011-11-09 08:20 . 2012-07-01 21:20 396948 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
+ 2011-02-11 08:17 . 2012-07-01 21:20 383220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-11 08:17 . 2012-06-27 13:22 383220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-30 19:09 . 2012-07-01 21:20 1780316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2316398640-3585058815-281969237-1000-8192.dat
- 2011-06-30 19:09 . 2012-06-27 13:22 1780316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2316398640-3585058815-281969237-1000-8192.dat
+ 2011-06-30 19:09 . 2012-07-01 21:20 38399456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2316398640-3585058815-281969237-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SansaDispatch"="c:\users\karen\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-05-02 79872]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-23 39408]
"Facebook Update"="c:\users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-03-09 37888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2012-5-11 400352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2316398640-3585058815-281969237-1000Core.job
- c:\users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 15:31]
.
2012-07-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2316398640-3585058815-281969237-1000UA.job
- c:\users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 15:31]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 13:32]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-12 13:32]
.
2012-06-11 c:\windows\Tasks\HPCeeScheduleForkaren.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 18:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: presagis.com\vpn
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.presagis.com/CACHE/stc/1/binaries/vpnweb.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\i7rqs90r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-07-01 17:38:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 21:38
ComboFix2.txt 2012-06-27 13:40
.
Pre-Run: 189,753,233,408 bytes free
Post-Run: 189,880,881,152 bytes free
.
- - End Of File - - 5E890513FB3D5004AE0959D8344E7713

#13 gringo_pr (Malware Response Team)

Posted 01 July 2012 - 05:41 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
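When OTL.txt comes back, a helper reads its file-listing lines for the usual tells: a modification time that cannot be right, or a code file with no company name sitting inside a user profile. As an added example that is not part of this thread or of the OTL tool, the Python below parses lines in OTL's `[date | size | attrs | M] (Company) -- path` layout and flags such entries; the sample lines are copied from the OTL log posted later in this thread and embedded as constructed test input, and the heuristics (plausible year range, extension list, profile-path test) are my assumptions, not OTL's.

```python
import re
import ntpath
from datetime import datetime

# One OTL file-listing line looks like:
#   [2012/06/19 21:00:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\path\file.dll
# Directories carry a D in the attribute column and name the extension in the
# parenthesised group; files carry the signer/company there, sometimes followed
# by a second "(No name found)" group.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[A-Z])\] (?P<groups>(?:\([^)]*\) ?)+)-- (?P<path>.+)$"
)
GROUP = re.compile(r"\(([^)]*)\)")

# Assumed list: executable content that deserves a look when it carries no company name.
CODE_EXTENSIONS = {".xpi", ".dll", ".exe", ".sys", ".scr"}

# Constructed sample: file-listing lines copied from the OTL log posted in this
# thread, embedded here as test input rather than read from a real OTL.txt.
SAMPLE_LINES = [
    r"[2010/12/18 15:44:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\i7rqs90r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}",
    r"[2012/06/10 21:38:50 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK",
    r"[1617/01/04 02:42:57 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7RQS90R.DEFAULT\EXTENSIONS\GLBNKERMOJ@GLBNKERMOJ.ORG.XPI",
    r"[2012/06/19 21:00:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll",
    r"[2012/06/19 21:00:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml",
    "FF - user.js - File not found",  # not a file-listing line; the parser must skip it
]


def parse_otl_line(line):
    """Return a dict for an OTL file-listing line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    groups = GROUP.findall(m.group("groups"))
    is_dir = "D" in m.group("attrs")
    try:
        mtime = datetime.strptime(m.group("stamp"), "%Y/%m/%d %H:%M:%S")
    except ValueError:
        mtime = None  # OTL printed a stamp that is not a real calendar date
    if is_dir:
        company, name = "", (groups[0] if groups else "")
    else:
        company = groups[0] if groups else ""
        name = groups[1] if len(groups) > 1 else ""
    return {
        "mtime": mtime,
        "size": int(m.group("size").replace(",", "")),
        "is_dir": is_dir,
        "company": company.strip(),
        "name": name.strip(),
        "path": m.group("path").strip(),
    }


def anomaly_reasons(entry, scan_year):
    """Heuristic review flags for one parsed entry: reasons to look closer, not verdicts."""
    reasons = []
    # Assumed plausible window: nothing on a Windows box predates 1990, and a
    # modification time far past the scan date is just as telling.
    if entry["mtime"] is None or not (1990 <= entry["mtime"].year <= scan_year + 1):
        reasons.append("implausible modification time")
    if not entry["is_dir"]:
        ext = ntpath.splitext(entry["path"])[1].lower()
        upper = entry["path"].upper()
        in_profile = "\\USERS\\" in upper and "\\APPDATA\\" in upper
        if ext in CODE_EXTENSIONS and entry["company"] == "" and in_profile:
            reasons.append("code file without company name inside a user profile")
    return reasons


def triage(lines, scan_year):
    """Parse every line and return the entries that earned at least one flag."""
    findings = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = anomaly_reasons(entry, scan_year)
        if reasons:
            findings.append({"path": entry["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    # The OTL run in this thread is dated 2012, so that is the reference year.
    for finding in triage(SAMPLE_LINES, scan_year=2012):
        print(finding["path"])
        for reason in finding["reasons"]:
            print("   -", reason)
```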

#14 kb025 (Topic Starter)

Posted 03 July 2012 - 08:21 AM

Hi Gringo - I haven't seen a redirect using IE for a while; it only happens with Firefox. Do you think I should just reinstall Firefox? Following is the OTL log:

OTL logfile created on: 7/3/2012 8:44:22 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\karen\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 35.70% Memory free
8.20 Gb Paging File | 5.37 Gb Available in Paging File | 65.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.11 Gb Total Space | 179.47 Gb Free Space | 62.95% Space Free | Partition Type: NTFS
Drive D: | 12.98 Gb Total Space | 2.44 Gb Free Space | 18.83% Space Free | Partition Type: NTFS

Computer Name: JADE | User Name: karen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\karen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\karen\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Program Files (x86)\Winamp\winampa.exe ()
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Winamp\winampa.exe ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Com4Qlb) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (U2SP) USB to Serial Converter Driver(Philips) -- C:\Windows\SysNative\DRIVERS\u2s2kxp64.sys (Magic Control Technology Corp.)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\DRIVERS\smserial.sys (Motorola Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (MODEMCSA) -- C:\Windows\SysNative\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (NETw4v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV - (WinRing0_1_2_0) -- C:\Users\karen\Downloads\RealTemp_370\WinRing0x64.sys (OpenLibSys.org)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{4AEE759C-B937-44D6-A657-2AEA42F8231C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6DA74206-F684-4596-A924-6426C61448E2}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4AEE759C-B937-44D6-A657-2AEA42F8231C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6DA74206-F684-4596-A924-6426C61448E2}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en
IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\SearchScopes\{6DA74206-F684-4596-A924-6426C61448E2}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~2\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\karen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\karen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/02/26 12:01:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/02/26 12:01:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/10 21:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/10 21:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 21:00:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/12 17:52:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/19 20:39:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/06/10 21:38:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2012/06/10 21:38:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 21:00:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/12 17:52:23 | 000,000,000 | ---D | M]

[2010/10/30 17:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karen\AppData\Roaming\Mozilla\Extensions
[2010/08/31 20:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karen\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/16 20:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\i7rqs90r.default\extensions
[2010/12/18 15:44:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\karen\AppData\Roaming\Mozilla\Firefox\Profiles\i7rqs90r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/12 17:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/15 10:22:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/10 21:38:50 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[1617/01/04 02:42:57 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7RQS90R.DEFAULT\EXTENSIONS\GLBNKERMOJ@GLBNKERMOJ.ORG.XPI
[2012/06/19 21:00:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/19 21:00:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 21:00:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\PROGRA~2\SONYON~1\npsoe.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\karen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\karen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DivX HiQ = C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Default = C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: AVG Safe Search = C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Skype Click to Call = C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/07/01 17:25:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-2316398640-3585058815-281969237-1000..\Run: [Facebook Update] C:\Users\karen\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2316398640-3585058815-281969237-1000..\Run: [SansaDispatch] C:\Users\karen\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Users\karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..Trusted Domains: presagis.com ([vpn] https in Trusted sites)
O15 - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.presagis.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://presagis.webex.com/client/T27L/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE538A58-D1C6-4E47-A2A9-25FE225828A5}: DhcpNameServer = 10.74.5.200 10.74.20.230
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B85A3971-8BF3-4569-96E3-5CFD5A1F2154}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPSplash.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPSplash.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 17:38:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/01 17:25:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/27 08:40:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/27 08:40:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/27 08:40:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/27 08:40:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/24 20:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/24 20:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/24 20:42:12 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/24 20:42:12 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/24 20:41:29 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/24 20:41:29 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/21 07:36:40 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 07:36:40 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 07:36:40 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 07:35:21 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 07:35:21 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/21 07:35:21 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 07:35:21 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/21 07:35:21 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 07:35:21 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/21 07:34:53 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 07:34:53 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/21 07:34:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 07:34:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/12 18:19:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/12 18:19:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/12 18:19:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/12 18:19:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/12 18:19:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/12 18:19:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/12 18:19:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/12 18:19:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/12 18:19:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/12 18:19:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/12 18:19:10 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/12 18:19:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/12 18:19:08 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/12 17:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/12 17:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/12 15:57:57 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 15:57:57 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/11 17:38:23 | 000,000,000 | ---D | C] -- C:\Users\karen\ERUNT
[2012/06/11 14:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/11 07:34:01 | 000,000,000 | ---D | C] -- C:\Users\karen\AppData\Local\ElevatedDiagnostics
[2012/06/11 06:47:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

========== Files - Modified Within 30 Days ==========

[2012/07/03 08:42:20 | 000,001,724 | -H-- | M] () -- C:\Users\karen\Documents\Default.rdp
[2012/07/03 08:36:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2316398640-3585058815-281969237-1000UA.job
[2012/07/03 08:17:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 08:17:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 08:17:25 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2316398640-3585058815-281969237-1000Core.job
[2012/07/03 08:11:07 | 101,039,536 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/03 08:09:13 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/03 08:08:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 08:07:06 | 000,363,878 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/07/03 08:07:06 | 000,363,878 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/07/03 08:06:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 19:36:47 | 000,579,462 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/01 17:26:24 | 000,000,253 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/07/01 17:25:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/01 17:23:00 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 08:56:47 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/28 06:07:02 | 000,000,512 | ---- | M] () -- C:\Users\karen\Desktop\MBR.dat
[2012/06/27 07:00:25 | 000,004,614 | ---- | M] () -- C:\Users\karen\Documents\Attach.zip
[2012/06/27 06:39:07 | 000,000,000 | ---- | M] () -- C:\Users\karen\defogger_reenable
[2012/06/24 20:41:14 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/24 20:41:14 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/06/24 20:41:14 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/24 20:41:14 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/24 20:41:14 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/22 09:06:30 | 000,000,600 | ---- | M] () -- C:\Users\karen\AppData\Local\PUTTY.RND
[2012/06/12 18:36:05 | 000,399,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 18:16:33 | 000,737,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/12 18:16:33 | 000,617,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/12 18:16:33 | 000,109,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/11 17:32:25 | 000,000,378 | ---- | M] () -- C:\Users\karen\myshared.reg
[2012/06/11 17:17:49 | 555,064,094 | ---- | M] () -- C:\Users\karen\regdate_jun11.reg
[2012/06/11 14:18:07 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/11 06:29:21 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForkaren.job
[2012/06/10 17:02:12 | 000,000,732 | ---- | M] () -- C:\Users\karen\AppData\Local\d3d9caps64.dat

========== Files Created - No Company Name ==========

[2012/06/27 08:40:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/27 08:40:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/27 08:40:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/27 08:40:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/27 08:40:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/27 07:00:25 | 000,004,614 | ---- | C] () -- C:\Users\karen\Documents\Attach.zip
[2012/06/27 06:39:07 | 000,000,000 | ---- | C] () -- C:\Users\karen\defogger_reenable
[2012/06/25 19:38:48 | 000,000,512 | ---- | C] () -- C:\Users\karen\Desktop\MBR.dat
[2012/06/12 17:52:25 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/11 17:32:25 | 000,000,378 | ---- | C] () -- C:\Users\karen\myshared.reg
[2012/06/11 17:17:06 | 555,064,094 | ---- | C] () -- C:\Users\karen\regdate_jun11.reg
[2012/06/10 17:35:52 | 4293,320,704 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/20 01:51:29 | 000,000,224 | ---- | C] () -- C:\Users\karen\AppData\Roaming\wklnhst.dat
[2012/01/10 21:58:03 | 000,002,048 | -HS- | C] () -- C:\Users\karen\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011/12/10 23:06:43 | 000,000,032 | ---- | C] () -- C:\Users\karen\jagex_cl_runescape_LIVE.dat
[2011/12/09 21:22:01 | 000,007,062 | -HS- | C] () -- C:\Users\karen\AppData\Local\t6le76k8mp5pca
[2011/12/09 21:22:01 | 000,007,062 | -HS- | C] () -- C:\ProgramData\t6le76k8mp5pca
[2011/12/04 09:41:43 | 000,000,732 | ---- | C] () -- C:\Users\karen\AppData\Local\d3d9caps64.dat
[2011/12/03 22:52:35 | 000,011,692 | -HS- | C] () -- C:\Users\karen\AppData\Local\3b23qo0m53f805
[2011/12/03 22:52:35 | 000,011,692 | -HS- | C] () -- C:\ProgramData\3b23qo0m53f805
[2011/06/30 09:53:28 | 026,589,080 | ---- | C] () -- C:\Users\karen\klb
[2011/05/22 22:25:35 | 002,295,520 | ---- | C] () -- C:\Users\karen\HPSDU.exe
[2011/05/22 22:22:17 | 000,000,497 | ---- | C] () -- C:\Users\karen\HPPDU - Shortcut.lnk
[2011/04/30 19:54:43 | 001,553,896 | ---- | C] () -- C:\Users\karen\HPPDU.exe
[2011/04/02 20:57:04 | 004,645,878 | R--- | C] () -- C:\Users\karen\My Money Backup_2011-04-02_205653.mbf
[2011/03/23 16:31:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/26 11:54:22 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/26 11:54:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/12/27 15:49:55 | 000,000,218 | ---- | C] () -- C:\Users\karen\.recently-used.xbel
[2010/10/27 19:27:18 | 000,001,940 | ---- | C] () -- C:\Users\karen\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/05 17:54:03 | 000,000,087 | ---- | C] () -- C:\Users\karen\jagex_runescape_preferences2.dat
[2010/06/05 17:54:03 | 000,000,000 | ---- | C] () -- C:\Users\karen\jagex__preferences3.dat
[2010/06/05 17:52:18 | 000,000,042 | ---- | C] () -- C:\Users\karen\jagex_runescape_preferences.dat
[2009/11/16 09:03:03 | 000,000,680 | ---- | C] () -- C:\Users\karen\AppData\Local\d3d9caps.dat
[2009/04/09 17:32:37 | 000,363,878 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/09 17:32:36 | 000,363,878 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/06 19:22:40 | 000,019,456 | ---- | C] () -- C:\Users\karen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/30 17:56:13 | 000,870,128 | ---- | C] () -- C:\Users\karen\AppData\Roaming\mcs.rma
[2008/11/08 16:03:01 | 000,027,839 | ---- | C] () -- C:\Users\karen\AppData\Roaming\nvModes.001
[2008/11/08 15:28:45 | 000,027,839 | ---- | C] () -- C:\Users\karen\AppData\Roaming\nvModes.dat
[2008/09/19 19:22:23 | 000,000,600 | ---- | C] () -- C:\Users\karen\AppData\Local\PUTTY.RND

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:38 PM

Posted 03 July 2012 - 08:38 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8    
    IE:64bit: - HKLM\..\SearchScopes\{6DA74206-F684-4596-A924-6426C61448E2}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{6DA74206-F684-4596-A924-6426C61448E2}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\SearchScopes\{6DA74206-F684-4596-A924-6426C61448E2}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-2316398640-3585058815-281969237-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    [1617/01/04 02:42:57 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7RQS90R.DEFAULT\EXTENSIONS\GLBNKERMOJ@GLBNKERMOJ.ORG.XPI
    [2012/01/10 21:58:03 | 000,002,048 | -HS- | C] () -- C:\Users\karen\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    [2011/12/09 21:22:01 | 000,007,062 | -HS- | C] () -- C:\Users\karen\AppData\Local\t6le76k8mp5pca
    [2011/12/09 21:22:01 | 000,007,062 | -HS- | C] () -- C:\ProgramData\t6le76k8mp5pca
    [2011/12/03 22:52:35 | 000,011,692 | -HS- | C] () -- C:\Users\karen\AppData\Local\3b23qo0m53f805
    [2011/12/03 22:52:35 | 000,011,692 | -HS- | C] () -- C:\ProgramData\3b23qo0m53f805
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University


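To show how the entries in a fix script like the one above get picked out of a long OTL log, here is an added Python triage helper. It is not part of this thread, of OTL, or of the responder's own tooling; it parses lines in the log format shown on this page and flags the same kinds of entries the script targets: orphaned references ("File not found", "Reg Error", "No CLSID value found"), search-scope URLs, alternate data streams, hidden+system files outside the Windows directory, and implausible file timestamps. The sample lines are constructed copies in that format, and the allowlist of legitimately hidden+system files is an assumption to adjust per environment.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlparse

ORPHAN_MARKERS = ("File not found", "Reg Error", "No CLSID value found")

# Files Windows itself keeps hidden+system on the system drive
# (assumption: extend this set for your environment).
KNOWN_HS_FILES = {"hiberfil.sys", "pagefile.sys", "$recycle.bin"}

# [date time | size | attrs | C/M] (company) -- path   (company is absent for folders)
FILE_RECORD = re.compile(
    r"^\[(?P<year>\d{4})/\d{2}/\d{2} [\d:]+ \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] (?:\((?P<company>[^)]*)\) )?.*?-- (?P<path>.+)$"
)
SEARCH_SCOPE = re.compile(r'^IE(?::64bit:)? - .*SearchScopes.*"URL" = (?P<url>\S+)')


@dataclass
class Finding:
    category: str
    detail: str
    line: str


def _basename(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def scan(text: str) -> list:
    """Return one Finding per suspicious log line (at most one per line)."""
    findings = []
    this_year = date.today().year
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # 1. Entries pointing at files or keys that no longer exist: harmless
        #    clutter, but the first thing a fix script normally clears.
        if any(m in line for m in ORPHAN_MARKERS):
            findings.append(Finding("ORPHAN", "reference to missing file/key", line))
            continue
        # 2. Search scopes: report the host so a reviewer can decide whether it
        #    is the user's chosen engine or a leftover the user never asked for.
        m = SEARCH_SCOPE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or "?"
            findings.append(Finding("SEARCH_SCOPE", f"search scope points at {host}", line))
            continue
        # 3. Alternate data streams keep content out of an ordinary directory listing.
        if line.startswith("@Alternate Data Stream"):
            findings.append(Finding("ADS", "alternate data stream present", line))
            continue
        m = FILE_RECORD.match(line)
        if not m:
            continue
        year, attrs, path = int(m.group("year")), m.group("attrs"), m.group("path")
        name = _basename(path).lower()
        # 4. A timestamp outside any plausible range means the file's metadata
        #    was set by something other than a normal installation.
        if year < 1990 or year > this_year:
            findings.append(Finding("BAD_TIMESTAMP", f"file dated {year}", line))
            continue
        # 5. Hidden+System is normal for a few OS files; on a file in a user
        #    profile or ProgramData it deserves a look.
        hidden_system = "H" in attrs and "S" in attrs
        in_windows = path.lower().startswith("c:\\windows")
        if hidden_system and not in_windows and name not in KNOWN_HS_FILES:
            findings.append(Finding("HIDDEN_SYSTEM", f"hidden+system file {name!r}", line))
    return findings


# Constructed sample in the format of the log on this page (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
[2012/07/01 17:25:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/10 17:35:52 | 4293,320,704 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 21:58:03 | 000,002,048 | -HS- | C] () -- C:\Users\karen\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011/12/09 21:22:01 | 000,007,062 | -HS- | C] () -- C:\ProgramData\t6le76k8mp5pca
[2012/06/24 20:41:29 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[1617/01/04 02:42:57 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I7RQS90R.DEFAULT\EXTENSIONS\GLBNKERMOJ@GLBNKERMOJ.ORG.XPI
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.category:<14} {f.detail:<40} {f.line[:70]}")
```

The helper deliberately reports rather than deletes: the AVG and Java lines pass through untouched, hiberfil.sys and $RECYCLE.BIN are accepted as the OS's own hidden+system files, and every other hit is a line a human reviewer would compare against the fix script before acting on it.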

