Jump to content

Gblock1

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Gblock1
    ran the batch file... all working ok. I did read the rest of your post and will delete any other programs that your team had me install that should be uninstalled. I thank you very much for walking me through this over the past few days. I appreciate it very much! Thanks again for all of your help!!!
  2. Gblock1
    Ran Hijack and did as you advised... Ran Eset and one threat found: C:\Documents and Settings\GBLOCK\My Documents\Downloads\WinZip165Multi-language.exe a variant of Win32/OpenInstall application
  3. Gblock1
    Log of Mbam. and Hijack this......computer seems to be working fine now. No more google redirects and google is funcitioning properly Log of Mbam Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.15.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 GBLOCK :: GLENNEEEPC [administrator] 11/15/2012 12:14:25 AM mbam-log-2012-11-15 (00-14-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 201936 Time elapsed: 3 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Log of Hijack this Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:00:06 PM, on 11/15/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\agent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe C:\Program Files\EeePC\ACPI\AsEPCMon.exe C:\Program Files\EeePC\ACPI\AsTray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AsScrPro.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ASUS\Eee Docking\Eee Docking.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\WinZip\WZQKPICK32.EXE C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\GBLOCK\My Documents\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe O4 - HKLM\..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: SuperHybridEngine.lnk = ? O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: VPN Client.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Agent - Unknown owner - C:\WINDOWS\agent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- End of file - 12443 bytes
  4. Gblock1
    Google is working fine now without redirecting. Here is log that you requested. ========== OTL ========== HKU\S-1-5-21-2514897835-882076413-806336791-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_USERS\S-1-5-21-2514897835-882076413-806336791-1005\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2514897835-882076413-806336791-1005\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_USERS\S-1-5-21-2514897835-882076413-806336791-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: avg@toolbar:13.2.0.5 removed from extensions.enabledItems Prefs.js: "*.local" removed from network.proxy.no_proxies_on ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\GBLOCK\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\GBLOCK\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User User: GBLOCK User: LocalService User: NetworkService Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default User User: GBLOCK ->Flash cache emptied: 148486 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11142012_230352
  5. Gblock1
    Copy of OTL.txt log OTL logfile created on: 11/14/2012 10:35:58 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\GBLOCK\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.28% Memory free 3.33 Gb Paging File | 2.86 Gb Available in Paging File | 85.79% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 72.06 Gb Total Space | 16.05 Gb Free Space | 22.27% Space Free | Partition Type: NTFS Drive D: | 72.05 Gb Total Space | 71.98 Gb Free Space | 99.90% Space Free | Partition Type: NTFS Computer Name: GLENNEEEPC | User Name: GBLOCK | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\GBLOCK\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) PRC - C:\WINDOWS\agent.exe () PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe () PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) PRC - C:\WINDOWS\AsScrPro.exe (ASUS) PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\WINDOWS\system32\sdtnpm.dll () MOD - C:\WINDOWS\agent.exe () MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll () MOD - C:\Program Files\ASUS\LiveUpdate\Enumeration.dll () MOD - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe () MOD - C:\Program Files\ASUS\LiveUpdate\ClientSocket.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\ASUS\LiveUpdate\Parser.dll () MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () MOD - C:\WINDOWS\system32\btwicons.dll () MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\WINDOWS\system32\vpnapi.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\WINDOWS\system32\msdmo.dll () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (Agent) -- C:\WINDOWS\agent.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit) SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOCUME~1\GBLOCK\LOCALS~1\Temp\catchme.sys File not found DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.) DRV - (AsUpIO) -- C:\WINDOWS\system32\drivers\AsUpIO.sys () DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.) DRV - (VMUVC) -- C:\WINDOWS\system32\drivers\VMUVC.sys (Vimicro Corporation) DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.) DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (vvftUVC) -- C:\WINDOWS\system32\drivers\vvftUVC.sys (Vimicro Corporation) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={A52AF0D5-672F-4D00-969B-B636178B590D}&mid=0ecffd51abd64f1bb9b4546f4fb78a47-4d2e5c41e3d76b204bb6bca41bc2a2f08b6b494a〈=en&ds=hk011&pr=sa&d=2012-09-18 18:23:32&v=12.2.5.34&sap=hp IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=BT3&o=14987&src=crm&q={searchTerms}&locale=en_US IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={A52AF0D5-672F-4D00-969B-B636178B590D}&mid=0ecffd51abd64f1bb9b4546f4fb78a47-4d2e5c41e3d76b204bb6bca41bc2a2f08b6b494a〈=en&ds=hk011&pr=sa&d=2012-09-18 18:23:32&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2514897835-882076413-806336791-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.ebay.com" FF - prefs.js..extensions.enabledItems: avg@toolbar:13.2.0.5 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\GBLOCK\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\GBLOCK\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\GBLOCK\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\GBLOCK\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 20:47:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/11 21:47:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/11 21:47:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/28 19:09:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/10/31 15:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GBLOCK\Application Data\Mozilla\Extensions [2012/11/11 21:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GBLOCK\Application Data\Mozilla\Firefox\Profiles\ie191ljh.default\extensions [2012/11/11 21:47:29 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\GBLOCK\Application Data\Mozilla\Firefox\Profiles\ie191ljh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012/11/11 21:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/11/08 20:47:28 | 000,003,574 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/11/14 18:18:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-2514897835-882076413-806336791-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.) O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe () O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-2514897835-882076413-806336791-1005..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O4 - HKU\S-1-5-21-2514897835-882076413-806336791-1005..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2514897835-882076413-806336791-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2514897835-882076413-806336791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2514897835-882076413-806336791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2514897835-882076413-806336791-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 107.17.124.1 64.134.255.2 64.134.255.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65197B67-2E55-4FB1-BC95-8142C72E5B4D}: DhcpNameServer = 107.17.124.1 64.134.255.2 64.134.255.10 O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>) O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/05/20 14:19:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/11/14 22:34:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GBLOCK\Desktop\OTL.exe [2012/11/14 21:18:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/11/14 21:15:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/11/14 18:38:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/11/14 18:21:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/11/14 18:09:30 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/11/14 00:00:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/11/14 00:00:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/11/14 00:00:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/11/14 00:00:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/11/13 23:51:35 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/13 23:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012/11/12 17:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GBLOCK\Desktop\Nacva 2011 RFP_files [2012/11/12 14:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GBLOCK\Desktop\how_to_find_hidden_assets_files [2012/11/11 21:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/11/11 21:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/11/11 11:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/11 11:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/11/11 11:28:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/11/11 11:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/11/09 23:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GBLOCK\Desktop\Bench Media Video [2012/11/08 20:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GBLOCK\Desktop\AICPA 2012 BV Conf Orlando [2012/10/28 00:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GBLOCK\Desktop\Accounting Today Presentation 10-30-12 [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/14 22:41:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/11/14 22:34:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GBLOCK\Desktop\OTL.exe [2012/11/14 22:01:47 | 000,436,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/11/14 22:01:47 | 000,069,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/11/14 21:57:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/11/14 21:57:45 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2012/11/14 21:57:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/11/14 21:50:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Desktop\MBR.dat [2012/11/14 21:49:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005UA.job [2012/11/14 19:00:13 | 001,664,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/11/14 18:49:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005Core.job [2012/11/14 18:42:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/11/14 18:18:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/11/14 18:09:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/11/14 07:48:23 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Application Data\wklnhst.dat [2012/11/14 00:02:09 | 000,000,281 | ---- | M] () -- C:\Boot.bak [2012/11/12 17:21:53 | 000,376,290 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Desktop\NACVA CAll For Presenters.pdf [2012/11/12 17:16:55 | 000,164,268 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Desktop\Nacva 2011 RFP.htm [2012/11/12 14:32:17 | 000,076,187 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Desktop\how_to_find_hidden_assets.html [2012/11/11 21:47:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\GBLOCK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/11/11 21:47:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/11/11 11:28:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/10 22:03:41 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT [2012/11/08 20:47:25 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2012/10/22 03:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2012/10/22 03:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/14 21:50:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Desktop\MBR.dat [2012/11/14 00:02:09 | 000,000,281 | ---- | C] () -- C:\Boot.bak [2012/11/14 00:02:04 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/11/14 00:00:56 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/11/14 00:00:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/11/14 00:00:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/11/14 00:00:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/11/14 00:00:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/11/12 17:16:54 | 000,164,268 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Desktop\Nacva 2011 RFP.htm [2012/11/12 16:24:00 | 000,376,290 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Desktop\NACVA CAll For Presenters.pdf [2012/11/12 14:32:15 | 000,076,187 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Desktop\how_to_find_hidden_assets.html [2012/11/11 21:47:09 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2012/11/11 11:28:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/10/04 21:48:50 | 000,000,616 | ---- | C] () -- C:\WINDOWS\obd.ini [2012/09/18 21:06:53 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Application Data\default.pls [2012/09/18 18:02:30 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\GBLOCK\.rnd [2012/02/28 22:34:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/11 17:10:05 | 000,155,648 | ---- | C] () -- C:\WINDOWS\agent.exe [2012/02/11 17:10:00 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\sdtnpm.dll [2011/12/02 00:26:06 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2010/04/03 21:34:16 | 000,167,949 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Application Data\mv.db [2010/04/03 21:34:16 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Application Data\settings.ini [2009/12/12 20:06:27 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/14 10:13:10 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\GBLOCK\Application Data\wklnhst.dat [2009/11/01 17:46:42 | 000,605,092 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3900.QLF [2009/11/01 17:46:42 | 000,574,840 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3700.QLF [2009/11/01 17:46:42 | 000,534,484 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3000.QLF [2009/11/01 17:46:42 | 000,469,504 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP1632.QLF [2009/11/01 17:46:42 | 000,321,213 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP816.QLF [2009/11/01 17:46:42 | 000,269,684 | ---- | C] () -- C:\Documents and Settings\GBLOCK\PCD3000.EXE [2009/11/01 17:46:42 | 000,260,439 | ---- | C] () -- C:\Documents and Settings\GBLOCK\XP600.QLF [2009/11/01 17:46:42 | 000,211,282 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP800.QLF [2009/11/01 17:46:42 | 000,210,160 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3900.QLD [2009/11/01 17:46:42 | 000,209,869 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP800E.QLF [2009/11/01 17:46:42 | 000,208,735 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3700.QLD [2009/11/01 17:46:42 | 000,202,705 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP808.QLF [2009/11/01 17:46:42 | 000,186,388 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP400.QLF [2009/11/01 17:46:42 | 000,186,159 | ---- | C] () -- C:\Documents and Settings\GBLOCK\XP400.QLF [2009/11/01 17:46:42 | 000,178,028 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP1632.QLD [2009/11/01 17:46:42 | 000,174,585 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP816.QLD [2009/11/01 17:46:42 | 000,141,659 | ---- | C] () -- C:\Documents and Settings\GBLOCK\PCD3000.QLF [2009/11/01 17:46:42 | 000,007,276 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MA3000.QLD [2009/11/01 17:46:42 | 000,002,418 | ---- | C] () -- C:\Documents and Settings\GBLOCK\XP600.QLD [2009/11/01 17:46:42 | 000,002,402 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP800.QLD [2009/11/01 17:46:42 | 000,002,212 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP808.QLD [2009/11/01 17:46:42 | 000,002,195 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP800E.QLD [2009/11/01 17:46:42 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\GBLOCK\MODEM.LST [2009/11/01 17:46:42 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\GBLOCK\XP400.QLD [2009/11/01 17:46:42 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\GBLOCK\GP400.QLD [2009/10/21 16:44:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\SystemConfiguration [2009/10/21 16:44:10 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\GBLOCK\Application Data\Synth Leads [2009/10/21 16:44:10 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Clips [2009/10/21 16:40:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT [2009/10/21 12:14:23 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\GBLOCK\default.pls [2009/10/09 18:20:41 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat ========== ZeroAccess Check ========== [2009/06/22 22:59:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 18:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
  6. Gblock1
    Copies of TDSS log and ASWMBR log. 21:20:38.0578 2544 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:20:39.0312 2544 ============================================================ 21:20:39.0312 2544 Current date / time: 2012/11/14 21:20:39.0312 21:20:39.0312 2544 SystemInfo: 21:20:39.0312 2544 21:20:39.0312 2544 OS Version: 5.1.2600 ServicePack: 3.0 21:20:39.0312 2544 Product type: Workstation 21:20:39.0312 2544 ComputerName: GLENNEEEPC 21:20:39.0312 2544 UserName: GBLOCK 21:20:39.0312 2544 Windows directory: C:\WINDOWS 21:20:39.0312 2544 System windows directory: C:\WINDOWS 21:20:39.0312 2544 Processor architecture: Intel x86 21:20:39.0312 2544 Number of processors: 2 21:20:39.0312 2544 Page size: 0x1000 21:20:39.0312 2544 Boot type: Normal boot 21:20:39.0312 2544 ============================================================ 21:20:40.0515 2544 BG loaded 21:20:41.0078 2544 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:20:41.0093 2544 ============================================================ 21:20:41.0093 2544 \Device\Harddisk0\DR0: 21:20:41.0109 2544 MBR partitions: 21:20:41.0109 2544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x901F5C0 21:20:41.0109 2544 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x901F5FF, BlocksNum 0x901B73E 21:20:41.0109 2544 ============================================================ 21:20:41.0218 2544 C: <-> \Device\Harddisk0\DR0\Partition1 21:20:41.0375 2544 D: <-> \Device\Harddisk0\DR0\Partition2 21:20:41.0515 2544 ============================================================ 21:20:41.0515 2544 Initialize success 21:20:41.0515 2544 ============================================================ 21:21:57.0234 2464 Deinitialize success aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-11-14 21:26:53 ----------------------------- 21:26:53.734 OS Version: Windows 5.1.2600 Service Pack 3 21:26:53.734 Number of processors: 2 586 0x1C02 21:26:53.734 ComputerName: GLENNEEEPC UserName: GBLOCK 21:26:54.218 Initialize success 21:32:31.546 AVAST engine defs: 12111401 21:32:42.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 21:32:42.296 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3 21:32:42.328 Disk 0 MBR read successfully 21:32:42.328 Disk 0 MBR scan 21:32:42.375 Disk 0 Windows XP default MBR code 21:32:42.390 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 73790 MB offset 63 21:32:42.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 73782 MB offset 151123455 21:32:42.453 Disk 0 Partition 3 00 1C Hidd FAT32 LBA MSDOS5.0 5004 MB offset 302230845 21:32:42.484 Disk 0 Partition 4 00 EF EFI FAT A1311 47 MB offset 312480315 21:32:42.500 Disk 0 scanning sectors +312576705 21:32:42.578 Disk 0 scanning C:\WINDOWS\system32\drivers 21:32:55.078 Service scanning 21:33:21.046 Modules scanning 21:33:27.312 Disk 0 trace - called modules: 21:33:27.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys tsk32.tmp hal.dll iaStor.sys 21:33:27.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3a3030] 21:33:27.375 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a38d8d8] 21:33:27.390 5 tsk32.tmp[b9f51620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x89de5028] 21:33:27.921 AVAST engine scan C:\WINDOWS 21:33:56.968 AVAST engine scan C:\WINDOWS\system32 21:37:59.921 AVAST engine scan C:\WINDOWS\system32\drivers 21:38:16.812 AVAST engine scan C:\Documents and Settings\GBLOCK 21:44:45.031 AVAST engine scan C:\Documents and Settings\All Users 21:45:59.734 Scan finished successfully 21:50:40.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\GBLOCK\Desktop\MBR.dat" 21:50:40.281 The log file has been saved successfully to "C:\Documents and Settings\GBLOCK\Desktop\aswMBR.txt"
  7. Gblock1
    Oops.... sorry..., I may have jumped the gun to soon on this one by saying everything was working. I'm still having the same problem, though this morning, it seemed to have worked fine for a little bit. I will wait for further instructions from you, but in the meantime, I followwed your request, and here is the output log: ComboFix 12-11-14.01 - GBLOCK 11/14/2012 18:10:58.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1435 [GMT -5:00] Running from: c:\documents and settings\GBLOCK\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\GBLOCK\Desktop\CFScript1.txt . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\GBLOCK\WINDOWS c:\windows\IsUn0407.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))) . . 2012-11-12 02:45 . 2012-10-24 17:50 16864 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe 2012-11-11 16:32 . 2012-11-11 16:32 8282192 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE 2012-11-11 16:28 . 2012-11-11 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-11-11 16:28 . 2012-11-11 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-11 16:28 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-09 01:47 . 2012-09-18 22:23 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-10-14 02:41 . 2012-04-25 03:19 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-14 02:41 . 2011-06-04 20:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-28 15:14 . 2009-05-20 19:07 916992 ------w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2009-05-20 19:07 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2009-05-20 19:07 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2009-05-20 19:07 385024 ------w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2009-05-20 19:07 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33 . 2008-04-14 00:54 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2008-04-14 00:01 2027520 ------w- c:\windows\system32\ntkrnlpa.exe 2012-10-24 17:50 . 2012-11-12 02:47 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}" [HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{618A47A2-528B-4D9A-AFC8-97D3233511E2}" [HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-08 397312] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2009-03-25 1840424] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784] "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304] "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-10 1512744] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-08 3054136] "LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-10 79144] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-08-31 996616] "VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-03-26 135168] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] "ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2009-04-08 570664] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-22 376832] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824] VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-11-25 6144] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"= "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Honeywell\\Fusion\\Remote\\Utility\\IP_Finder.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"= "c:\\Documents and Settings\\GBLOCK\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [7/7/2010 5:18 PM 11448] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/18/2012 5:23 PM 26984] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 8:47 PM 711112] R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/1/2009 2:26 AM 38912] R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [6/1/2009 2:26 AM 39040] S2 Agent;Agent;c:\windows\agent.exe [2/11/2012 5:10 PM 155648] S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/22/2009 10:49 PM 1684736] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/16/2009 11:36 PM 17408] S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [4/3/2010 9:19 PM 252032] S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [4/3/2010 9:19 PM 398720] . Contents of the 'Scheduled Tasks' folder . 2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 02:41] . 2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005Core.job - c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-26 04:54] . 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005UA.job - c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-26 04:54] . . ------- Supplementary Scan ------- . uStart Page = https://isearch.avg.com/?cid={A52AF0D5-672F-4D00-969B-B636178B590D}&mid=0ecffd51abd64f1bb9b4546f4fb78a47-4d2e5c41e3d76b204bb6bca41bc2a2f08b6b494a〈=en&ds=hk011&pr=sa&d=2012-09-18 18:23&v=12.2.5.34&sap=hp uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 107.17.124.1 64.134.255.2 64.134.255.10 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll FF - ProfilePath - c:\documents and settings\GBLOCK\Application Data\Mozilla\Firefox\Profiles\ie191ljh.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.ebay.com FF - ExtSQL: 2012-11-11 21:45; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5 FF - ExtSQL: !HIDDEN! 2009-10-20 23:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008 HKLM_ActiveSetup-Send To Neat - reg copy HKLM\Software\The Neat Company\Send To Neat HKCU\Software\The Neat Company\Send To Neat AddRemove-EDIABAS WinKFP Uninstall - c:\windows\IsUn0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-14 18:18 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2012-11-14 18:21:26 ComboFix-quarantined-files.txt 2012-11-14 23:21 ComboFix2.txt 2012-11-14 05:12 . Pre-Run: 17,660,731,392 bytes free Post-Run: 17,640,415,232 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - D59E67A2AF84556C708D88AD371E9465
  8. Gblock1
    I did go to your links...., not sure how I ended up with an old copy......, but the good news is when I turned on my computer today, all seems to be working just fine. Perhaps a reboot did the trick. In any event, I thank you very very much for all of your support. Glenn
  9. Gblock1
    Still not working.... here is combofix log. Thanks. ComboFix 09-11-25.01 - GBLOCK 11/14/2012 0:05.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1450 [GMT -5:00] Running from: c:\documents and settings\GBLOCK\My Documents\Downloads\ComboFix.exe . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Cache c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\79908ce3cf8c3a41.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\f998975c9cc711ee.fb c:\windows\system32\twain_32.dll . ((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 ))))))))))))))))))))))))))))))) . 2012-11-12 02:47 . 2012-11-12 02:47 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-11-11 16:32 . 2012-11-11 16:32 8282192 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE 2012-11-11 16:28 . 2012-11-11 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-11-11 16:28 . 2012-11-11 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-11 16:28 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-26 19:00 . 2012-10-26 19:00 4735512 ----a-w- c:\documents and settings\GBLOCK\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll 2012-10-26 18:59 . 2012-10-26 18:59 329240 ----a-w- c:\documents and settings\GBLOCK\Application Data\Mozilla\plugins\npgoogletalk.dll 2012-10-26 18:17 . 2012-10-26 18:17 3734536 ----a-w- c:\documents and settings\GBLOCK\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-14 04:48 . 2012-09-18 22:23 -------- d-----w- c:\program files\AVG Secure Search 2012-11-14 04:44 . 2009-10-09 23:44 -------- d-----w- c:\program files\Mozilla Thunderbird 2012-11-11 03:03 . 2009-10-21 21:40 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT 2012-11-10 21:55 . 2010-10-26 02:18 -------- d-----w- c:\documents and settings\GBLOCK\Application Data\vlc 2012-11-09 01:47 . 2012-09-18 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search 2012-11-09 01:47 . 2012-09-18 22:23 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-10-14 19:56 . 2009-06-23 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2012-10-14 19:49 . 2009-06-23 03:51 -------- d-----w- c:\program files\Microsoft Works 2012-10-14 02:41 . 2012-04-25 03:19 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-05 01:25 . 2012-10-05 01:25 -------- d-----w- c:\program files\7-Zip 2012-10-01 16:30 . 2009-10-09 23:17 -------- d-----w- c:\documents and settings\GBLOCK\Application Data\Skype 2012-10-01 16:28 . 2009-06-23 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2012-10-01 16:28 . 2012-10-01 16:28 -------- d-----w- c:\program files\Common Files\Skype 2012-10-01 16:28 . 2012-10-01 16:28 -------- d-----r- c:\program files\Skype 2012-09-18 23:00 . 2009-10-21 16:38 -------- d-----w- c:\program files\Common Files\Nero 2012-09-18 22:59 . 2012-09-18 22:59 -------- d-----w- c:\program files\Nero 2012-09-18 22:58 . 2009-10-21 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero 2012-09-18 22:24 . 2012-09-18 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip 2012-09-18 22:23 . 2012-09-18 22:23 -------- d-----w- c:\documents and settings\GBLOCK\Application Data\AVG Secure Search 2012-09-18 22:23 . 2012-09-18 22:23 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-08-28 15:14 . 2009-05-20 19:07 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2009-05-20 19:07 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-24 13:53 . 2009-05-20 19:07 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33 . 2008-04-14 00:54 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-24 17:50 . 2012-11-12 02:47 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}" [HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{618A47A2-528B-4D9A-AFC8-97D3233511E2}" [HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [X] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-08 397312] "Google Update"="c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-03-26 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup" [X] "VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe VMUVC" [X] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784] "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304] "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-10 1512744] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-08 3054136] "LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-10 79144] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] "ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 997320] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2009-04-08 570664] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-27 17567744] c:\documents and settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-22 376832] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824] VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-11-25 6144] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-4-4 603536] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"= "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Honeywell\\Fusion\\Remote\\Utility\\IP_Finder.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"= "c:\\Documents and Settings\\GBLOCK\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [7/7/2010 5:18 PM 11448] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/18/2012 5:23 PM 26984] R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 4:22 PM 193616] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/22/2009 11:03 PM 55152] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 1:19 PM 50704] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 8:47 PM 711112] R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [6/22/2009 10:46 PM 10752] R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 4:22 PM 240208] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/1/2009 2:26 AM 38912] R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [6/1/2009 2:26 AM 39040] S2 Agent;Agent;c:\windows\agent.exe [2/11/2012 5:10 PM 155648] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/24/2012 10:19 PM 250808] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/22/2009 10:49 PM 1684736] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 8:08 PM 533360] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11/11/2012 9:47 PM 115168] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [10/16/2009 11:36 PM 17408] S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [4/3/2010 9:19 PM 252032] S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [4/3/2010 9:19 PM 398720] --- Other Services/Drivers In Memory --- *NewlyCreated* - WS2IFSL [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d8531fb-ea89-11df-bc18-002243f3898b}] \Shell\AutoRun\command - E:\StartHerePC.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97f3f492-eae9-11df-bc19-002243f3898b}] \Shell\AutoRun\command - e:\shelexec.exe @exedrv@\FVSindex.html [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97f3f493-eae9-11df-bc19-002243f3898b}] \Shell\AutoRun\command - e:\shelexec.exe @exedrv@\FVSindex.html [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Neat ADF Scanner 2008] reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Send To Neat] reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f . Contents of the 'Scheduled Tasks' folder 2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 02:41] 2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005Core.job - c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-26 04:54] 2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514897835-882076413-806336791-1005UA.job - c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-26 04:54] . . ------- Supplementary Scan ------- . uStart Page = https://isearch.avg.com/?cid={A52AF0D5-672F-4D00-969B-B636178B590D}&mid=0ecffd51abd64f1bb9b4546f4fb78a47-4d2e5c41e3d76b204bb6bca41bc2a2f08b6b494a〈=en&ds=hk011&pr=sa&d=2012-09-18 18:23&v=12.2.5.34&sap=hp uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll FF - ProfilePath - c:\documents and settings\GBLOCK\Application Data\Mozilla\Firefox\Profiles\ie191ljh.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - www.ebay.com FF - plugin: c:\documents and settings\GBLOCK\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\GBLOCK\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\GBLOCK\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe AddRemove-AVG Secure Search - c:\program files\AVG Secure Search\UNINSTALL.exe ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2012-11-14 00:12 ComboFix-quarantined-files.txt 2012-11-14 05:11 Pre-Run: 14,886,535,168 bytes free Post-Run: 17,725,460,480 bytes free - - End Of File - - EECD0E2F4F9C0B14D8A773467D1D586C
  10. Gblock1
    RogueKiller V8.2.3 [11/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : GBLOCK [Admin rights] Mode : Remove -- Date : 11/13/2012 23:11:33 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] agent.exe -- C:\WINDOWS\agent.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ _INLINE_ : NtResumeThread -> HOOKED (Unknown @ 0x000000CC) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS543216L9SA00 +++++ --- User --- [MBR] 99618133e85ee50e09035d5381c3059c [bSP] 16c5bd73d481b4026f476b4c3eccab1b : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 73790 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 151123455 | Size: 73782 Mo 2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302230845 | Size: 5004 Mo 3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312480315 | Size: 47 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_11132012_02d2311.txt >> RKreport[1]_S_11132012_02d2311.txt ; RKreport[2]_D_11132012_02d2311.txt
  11. Gblock1
    Running Windows XP Home edition version 2002 sp3 When trying to run google.com dns redirects to 87.125.87.103. Checked host file and all looks ok. Ran Malwarebytes but no fix. DDS file DDS (Ver_2012-11-07.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by GBLOCK at 22:25:34 on 2012-11-12 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1500 [GMT -5:00] . . ============== Running Processes ================ . C:\WINDOWS\agent.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe C:\Program Files\EeePC\ACPI\AsEPCMon.exe C:\Program Files\EeePC\ACPI\AsTray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\AsScrPro.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ASUS\Eee Docking\Eee Docking.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\WinZip\WZQKPICK32.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxps://isearch.avg.com/?cid={A52AF0D5-672F-4D00-969B-B636178B590D}&mid=0ecffd51abd64f1bb9b4546f4fb78a47-4d2e5c41e3d76b204bb6bca41bc2a2f08b6b494a〈=en&ds=hk011&pr=sa&d=2012-09-18 18:23:32&v=12.2.5.34&sap=hp BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe uRun: [Google Update] "c:\documents and settings\gblock\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [synAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [ASUSWebStorage] c:\program files\asus\asus webstorage\3.0.108.222\AsusWSPanel.exe /S mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe TCP: NameServer = 69.78.96.14 66.174.95.44 TCP: Interfaces\{65197B67-2E55-4FB1-BC95-8142C72E5B4D} : DHCPNameServer = 69.78.96.14 66.174.95.44 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\gblock\application data\mozilla\firefox\profiles\ie191ljh.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - www.ebay.com FF - plugin: c:\documents and settings\gblock\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\gblock\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\gblock\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll FF - ExtSQL: 2012-11-11 21:45; avg@toolbar; c:\documents and settings\all users\application data\avg secure search\firefoxext\13.2.0.5 FF - ExtSQL: !HIDDEN! 2009-10-20 23:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-7-7 11448] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-18 26984] R2 Agent;Agent;c:\windows\agent.exe [2012-2-11 155648] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-22 55152] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112] R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 38912] R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-1 39040] R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344] S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-22 1684736] S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-10-16 17408] S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2010-4-3 252032] S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2010-4-3 398720] . =============== Created Last 30 ================ . 2012-11-12 02:45:09 16864 ----a-w- c:\program files\mozilla firefox\plugin-container.exe 2012-11-11 16:32:53 8282192 ----a-w- c:\documents and settings\all users\application data\microsoft\bingbar\bbsvc\7.1.391.0oemBingBarSetup-Partner.EXE 2012-11-11 16:28:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-11-11 16:28:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-11 16:28:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-09 01:47:35 -------- d-----w- c:\windows\system32\cache . ==================== Find3M ==================== . 2012-11-09 01:47:25 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-10-14 02:41:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-14 02:41:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec 2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe . ============= FINISH: 22:26:35.28 =============== Attach file . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-07.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 10/10/2009 6:07:59 AM System Uptime: 11/12/2012 9:19:59 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | 1005HA Processor: Intel® Atom™ CPU N280 @ 1.66GHz | PBGA 437 | 1666/167mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 72 GiB total, 10.012 GiB free. D: is FIXED (NTFS) - 72 GiB total, 71.982 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET\0000 Service: CVirtA . ==== System Restore Points =================== . RP107: 9/18/2012 6:19:48 PM - Software Distribution Service 3.0 RP108: 9/18/2012 6:56:39 PM - Installed Nero 8 Essentials RP109: 10/1/2012 12:27:42 PM - Software Distribution Service 3.0 RP110: 10/4/2012 9:19:50 PM - Software Distribution Service 3.0 RP111: 10/14/2012 3:43:30 PM - Software Distribution Service 3.0 . ==== Installed Programs ====================== . 7-Zip 9.20 Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe Digital Editions Adobe ExtendScript Toolkit 2 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 8.1.3 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Apple Application Support Apple Mobile Device Support Apple Software Update Asus ACPI Driver ASUS VIBE ASUS WebStorage ASUSUpdate for Eee PC Atheros Client Installation Program Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver AVG Security Toolbar Bing Bar BitTorrent Bonjour Capture NX Choice Guard Cisco Systems VPN Client 5.0.03.0560 Compatibility Pack for the 2007 Office system Data Sync Digital microscope Dr.Eee EN ebi.BookReader3J EDIABAS WinKFP Uninstall Eee Docking 1.3.4.0 Eee PC_1005HA Screen Saver Eee Storage EeeSplendid EzMessenger FontResizer Fusion Remote Google Talk Plugin GoToMeeting 4.5.0.457 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® Graphics Media Accelerator Driver iTunes Junk Mail filter update LiveUpdate Malwarebytes Anti-Malware version 1.65.1.1000 MicroCapture 2.0 Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Windows XP Video Decoder Checkup Utility Microsoft Works Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird (2.0.0.24) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Neat Neat ADF Scanner 2008 Driver Neat ADF Scanner Driver Neat Core Files Neat Mobile Scanner (Silver) Driver Neat Mobile Scanner 2008 Driver Neat Mobile Scanner Driver Nero 8 Essentials neroxml Nikon Message Center PDF Settings Picture Control Utility QuickBooks QuickBooks Premier: Accountant Edition 2008 QuickBooks Pro 2010 Quickloader DSN Setup Quickloader for Windows QuickTime Ralink RT2860 Wireless LAN Card Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2586448) Security Update for Windows Internet Explorer 7 (KB2618444) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953155) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Segoe UI Send To Neat Skype™ 5.10 StandAlone DVR Center Application StandAlone DVR Remote Application StandAlone DVR Viewer Application Super Hybrid Engine SupportSoft Assisted Service Synaptics Pointing Device Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB898461) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951618-v2) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) USB2.0 UVC Camera Device VLC media player 1.0.3 WebFldrs XP WIDCOMM Bluetooth Software Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 WinPcap 4.1.1 WinZip 16.5 Wireshark 1.2.4 . ==== Event Viewer Messages From Past Week ======== . 11/12/2012 9:28:14 PM, error: Dhcp [1002] - The IP address lease 192.168.154.252 for the Network Card with network address 0025D348DD1F has been denied by the DHCP server 172.20.10.1 (The DHCP Server sent a DHCPNACK message). 11/12/2012 2:25:19 PM, error: Dhcp [1002] - The IP address lease 172.20.10.5 for the Network Card with network address 0025D348DD1F has been denied by the DHCP server 192.168.19.1 (The DHCP Server sent a DHCPNACK message). 11/11/2012 11:45:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde 11/11/2012 11:45:19 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.