hipannekoek

  1. OK, not sure what happened but IE9 is working again. Everything appears to be working fine. I wish to thank you for your help. You have been very helpful. I appreciate the methodical approach and clean up afterwards. Given the failure to detect the malware from Malwarebytes and MSE, is there anything that will prevent future infections? Cheers, Rolf
  2. Aaarrghh. Tried uninstalling and installing IE9. Now it fails to install....
  3. Kevin, Followed all the steps. Unfortunately, Internet Explorer crashes repeatedly and regularly:
     - it will crash when it is closed
     - it will crash when I try to download something
     Chrome seems to run fine without issues. Thanks again for all the help.
  4. Results of screen317's Security Check version 0.99.56
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100
     Java 6 Update 37
     Java version out of Date!
     Adobe Flash Player 9 Flash Player out of Date!
     Adobe Reader 10.1.4 Adobe Reader out of Date!
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     Google Chrome 22.0.1229.92
     Google Chrome 22.0.1229.94
     Google Chrome 23.0.1271.64
     Google Chrome 23.0.1271.91
     Google Chrome 23.0.1271.95
     Google Chrome 23.0.1271.97
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  5. Malwarebytes Anti-Malware (Trial) 1.70.0.1100
     www.malwarebytes.org
     Database version: v2012.12.29.02
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Vostro420 :: FB-02-V420 [administrator]
     Protection: Enabled
     28/12/2012 8:06:24 PM
     mbam-log-2012-12-28 (20-06-24).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 211791
     Time elapsed: 7 minute(s), 4 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     # AdwCleaner v2.104 - Logfile created 12/29/2012 at 14:08:21
     # Updated 29/12/2012 by Xplode
     # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
     # User : Vostro420 - FB-02-V420
     # Boot Mode : Normal
     # Running from : C:\Users\Vostro420\Downloads\adwcleaner.exe
     # Option [Delete]
     ***** [services] *****
     ***** [Files / Folders] *****
     Folder Deleted : C:\ProgramData\Ask
     ***** [Registry] *****
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
     ***** [internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16457
     [OK] Registry is clean.
     -\\ Google Chrome v23.0.1271.97
     File : C:\Users\Vostro420\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.
     *************************
     AdwCleaner[s1].txt - [2317 octets] - [29/12/2012 14:08:21]
     ########## EOF - C:\AdwCleaner[s1].txt - [2377 octets] ##########

     Security Check is still running (now 5 minutes) "Performing System Health Check" I think it is hanging.
  6. Kevin, MSE appears to be working fine and links in Google are now going to the correct places. Everything looks fine. Thanks for the help. Really appreciate it. Please find below the logs as requested.

     Fixlog.txt
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-12-2012
     Ran by SYSTEM at 2012-12-29 13:08:45 Run:1
     Running from F:\
     ==============================================
     HKU\start\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\ Value not found.
     HKEY_USERS\Vostro420\Software\Microsoft\Windows\CurrentVersion\Run\\fvsrrymfan Value deleted successfully.
     HKU\HKU\Vostro420\...\Run: [fvsrrymfan] rundll32 "\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\fvsrrymfan Value not found.
     HKU\C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll",Mfhewg [122880 2012-12-22] ()C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\fvsrrymfan Value not found.
     C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll,Mfhewg [122880 2012-12-22] ()C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll not found.
     HKU\end\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\fvsrrymfan Value not found.
     ==== End of Fixlog ====
Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition WeatherLink 5.9.2 WeatherLink 5.9.3 WebReg Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 29/12/2012 1:11:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 28/12/2012 7:07:18 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s). 28/12/2012 10:36:39 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. 
27/12/2012 7:58:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 27/12/2012 7:58:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 27/12/2012 7:57:45 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 27/12/2012 7:53:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 27/12/2012 11:02:42 PM, Error: PCTCore [280] - 27/12/2012 10:28:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 27/12/2012 10:28:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 27/12/2012 10:28:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 27/12/2012 10:28:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf 27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). 
This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================
  7. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2012
Ran by SYSTEM at 29-12-2012 09:56:22
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [58936 2010-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax" [2459192 2010-08-24] (Hewlett-Packard Company)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [99656 2011-12-22] (Sage)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [ACSW14EN] "C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe" /pid ACSW14EN [1231472 2011-11-17] (ACD Systems)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKU\Vostro420\...\Run: [Google Update] "C:\Users\Vostro420\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-22] (Google Inc.)
HKU\Vostro420\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-22] (Google Inc.)
HKU\Vostro420\...\Run: [GoodSync] "C:\Program Files\Siber Systems\GoodSync\GoodSync.exe" /min [6356920 2012-01-13] ()
HKU\Vostro420\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-11-28] (Siber Systems)
HKU\Vostro420\...\Run: [fvsrrymfan] rundll32 "C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll",Mfhewg [122880 2012-12-22] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================
2 AERTFilters; C:\Windows\System32\AERTSrv.exe [81920 2008-07-15] (Andrea Electronics Corporation)
2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe /service [3002808 2012-01-13] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)
3 Sage Simply Accounting Transaction Manager 2011 - CDN; C:\Program Files\Winsim\TransactionManager2011 - CDN\Sage_SA.TransactionManager.exe [46408 2011-06-07] (Sage)
3 Sage Simply Accounting Transaction Manager 2012 - CDN; C:\Program Files\Winsim\TransactionManager2012 - CDN\Sage_SA.TransactionManager.exe [46440 2012-06-08] (Sage)
2 Simply Accounting Database Connection Manager; C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe [21320 2011-12-22] (Sage)

==================== Drivers (Whitelisted) ====================
2 DbgMsg; \??\C:\Windows\System32\Drivers\DbgMsg.sys [18240 2008-07-07] (Compuware Corporation - NuMega Lab)
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
3 PolarUSB; C:\Windows\System32\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro)
3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14592 2009-11-03] (Silicon Laboratories)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2012-12-28 23:48 - 2012-12-28 23:49 - 00013364 ____A C:\Users\Vostro420\Downloads\hijackthis.log
2012-12-28 23:48 - 2012-12-28 23:48 - 00388608 ____A (Trend Micro Inc.) C:\Users\Vostro420\Downloads\HijackThis.exe
2012-12-28 22:16 - 2012-12-28 22:16 - 00688992 ____R (Swearware) C:\Users\Vostro420\Downloads\dds.com
2012-12-28 21:46 - 2012-12-28 21:46 - 00000000 ____D C:\_OTL
2012-12-28 21:03 - 2012-12-28 21:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-12-28 20:37 - 2012-12-28 22:45 - 00019883 ____A C:\Users\Vostro420\Desktop\dds.txt
2012-12-28 20:37 - 2012-12-28 22:18 - 00018370 ____A C:\Users\Vostro420\Desktop\attach.txt
2012-12-28 20:26 - 2012-12-28 21:36 - 00077614 ____A C:\Users\Vostro420\Downloads\Extras.Txt
2012-12-28 20:25 - 2012-12-28 22:58 - 00081472 ____A C:\Users\Vostro420\Downloads\OTL.Txt
2012-12-28 20:19 - 2012-12-28 20:19 - 00602112 ____A (OldTimer Tools) C:\Users\Vostro420\Downloads\OTL.exe
2012-12-28 20:05 - 2012-12-28 20:05 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\Malwarebytes
2012-12-28 20:05 - 2012-12-28 20:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-28 19:52 - 2012-08-23 06:48 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-12-28 19:52 - 2012-08-23 06:44 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-12-28 19:52 - 2012-08-23 06:40 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-12-28 19:52 - 2012-08-23 06:10 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-12-28 19:52 - 2012-08-23 06:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-12-28 19:52 - 2012-08-23 05:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-12-28 19:52 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-12-28 19:52 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-12-28 19:52 - 2012-08-23 05:32 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-12-28 19:52 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-12-28 19:52 - 2012-08-23 03:40 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-12-28 19:52 - 2012-08-23 03:32 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-12-28 19:52 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-12-28 19:52 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-12-28 19:52 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-12-28 19:52 - 2012-08-23 02:08 - 02739712 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-12-28 19:52 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-12-28 19:51 - 2012-08-24 09:05 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-12-28 19:51 - 2012-08-24 09:02 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-12-28 19:51 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-12-28 19:51 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-12-28 19:51 - 2012-08-24 08:56 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-12-28 19:51 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-12-27 23:00 - 2012-12-27 23:00 - 01931088 ____A (Symantec Corporation) C:\Users\Vostro420\Downloads\FixTDSS.exe
2012-12-27 23:00 - 2012-12-27 23:00 - 00000000 ____D C:\Program Files\PC Tools
2012-12-27 22:46 - 2012-12-28 19:16 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-12-27 22:46 - 2012-12-27 22:47 - 01524547 ____A C:\Windows\System32\Drivers\Cat.DB
2012-12-27 22:46 - 2012-11-01 15:35 - 00202280 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-12-27 22:45 - 2012-12-28 19:07 - 00000000 ____D C:\Users\All Users\PC Tools
2012-12-27 22:44 - 2012-12-27 22:44 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\TestApp
2012-12-27 22:42 - 2012-12-27 22:43 - 04166136 ____A (PC Tools) C:\Users\Vostro420\Downloads\spdoc.exe
2012-12-27 22:38 - 2012-12-27 22:38 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Vostro420\Downloads\tdsskiller.exe
2012-12-27 19:54 - 2012-12-27 19:54 - 00000000 ____D C:\Windows\pss
2012-12-22 09:29 - 2012-12-22 09:29 - 00122880 _RASH C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll
2012-12-21 03:00 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 03:00 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-13 08:23 - 2012-12-13 08:23 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-12-12 22:43 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 22:43 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 22:43 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 22:43 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 22:43 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 22:43 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 22:43 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 22:43 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 22:43 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 22:43 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 22:43 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 22:43 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 22:43 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 22:43 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 22:43 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 22:43 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 05:30 - 2012-11-21 18:56 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-12 05:29 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-12 05:29 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-12 05:29 - 2012-10-04 08:47 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-12 05:29 - 2012-10-04 08:43 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-12 05:29 - 2012-10-04 08:43 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 06:57 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-12 05:29 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 05:29 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-10 10:48 - 2012-12-10 10:49 - 00012800 ____A C:\Users\Vostro420\Downloads\bbc829aa9ef74e879b55048ec74287c5.xls

==================== One Month Modified Files and Folders ========
2012-12-29 09:50 - 2011-06-22 22:26 - 01096125 ____A C:\Windows\WindowsUpdate.log
2012-12-29 09:50 - 2009-07-13 20:34 - 00013792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-29 09:50 - 2009-07-13 20:34 - 00013792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-29 09:48 - 2011-06-22 23:24 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-29 09:48 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-29 09:47 - 2011-06-22 22:46 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-12-29 09:47 - 2009-07-13 20:39 - 00045456 ____A C:\Windows\setupact.log
2012-12-29 09:46 - 2012-01-02 21:14 - 00000000 ____D C:\Users\Vostro420\Documents\Outlook Files
2012-12-29 09:45 - 2011-06-22 23:05 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784824154-2186569503-2690575908-1000UA.job
2012-12-29 09:45 - 2011-06-22 22:48 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-29 09:06 - 2012-07-02 09:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-29 09:04 - 2011-06-22 23:24 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-29 08:45 - 2011-06-22 23:05 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784824154-2186569503-2690575908-1000Core.job
2012-12-29 00:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-12-29 00:00 - 2011-06-22 23:55 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\GoodSync
2012-12-28 23:49 - 2012-12-28 23:48 - 00013364 ____A C:\Users\Vostro420\Downloads\hijackthis.log
2012-12-28 23:48 - 2012-12-28 23:48 - 00388608 ____A (Trend Micro Inc.) C:\Users\Vostro420\Downloads\HijackThis.exe
2012-12-28 22:58 - 2012-12-28 20:25 - 00081472 ____A C:\Users\Vostro420\Downloads\OTL.Txt
2012-12-28 22:45 - 2012-12-28 20:37 - 00019883 ____A C:\Users\Vostro420\Desktop\dds.txt
2012-12-28 22:34 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-12-28 22:18 - 2012-12-28 20:37 - 00018370 ____A C:\Users\Vostro420\Desktop\attach.txt
2012-12-28 22:16 - 2012-12-28 22:16 - 00688992 ____R (Swearware) C:\Users\Vostro420\Downloads\dds.com
2012-12-28 22:09 - 2011-06-22 23:29 - 00039180 ____A C:\Windows\PFRO.log
2012-12-28 21:46 - 2012-12-28 21:46 - 00000000 ____D C:\_OTL
2012-12-28 21:36 - 2012-12-28 20:26 - 00077614 ____A C:\Users\Vostro420\Downloads\Extras.Txt
2012-12-28 21:05 - 2011-06-23 21:06 - 00001945 ____A C:\Windows\epplauncher.mif
2012-12-28 21:03 - 2012-12-28 21:03 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-12-28 21:03 - 2012-01-01 15:47 - 00000000 ____D C:\Windows\System32\appmgmt
2012-12-28 20:19 - 2012-12-28 20:19 - 00602112 ____A (OldTimer Tools) C:\Users\Vostro420\Downloads\OTL.exe
2012-12-28 20:05 - 2012-12-28 20:05 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\Malwarebytes
2012-12-28 20:05 - 2012-12-28 20:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-28 19:58 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-12-28 19:23 - 2011-06-23 00:37 - 00004856 ____A C:\Users\All Users\hpzinstall.log
2012-12-28 19:16 - 2012-12-27 22:46 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-12-28 19:10 - 2011-06-23 00:24 - 00000000 ____D C:\Program Files\Common Files\ACD Systems
2012-12-28 19:07 - 2012-12-27 22:45 - 00000000 ____D C:\Users\All Users\PC Tools
2012-12-27 23:00 - 2012-12-27 23:00 - 01931088 ____A (Symantec Corporation) C:\Users\Vostro420\Downloads\FixTDSS.exe
2012-12-27 23:00 - 2012-12-27 23:00 - 00000000 ____D C:\Program Files\PC Tools
2012-12-27 22:47 - 2012-12-27 22:46 - 01524547 ____A C:\Windows\System32\Drivers\Cat.DB
2012-12-27 22:44 - 2012-12-27 22:44 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\TestApp
2012-12-27 22:43 - 2012-12-27 22:42 - 04166136 ____A (PC Tools) C:\Users\Vostro420\Downloads\spdoc.exe
2012-12-27 22:38 - 2012-12-27 22:38 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Vostro420\Downloads\tdsskiller.exe
2012-12-27 19:54 - 2012-12-27 19:54 - 00000000 ____D C:\Windows\pss
2012-12-27 12:24 - 2011-06-26 22:50 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\Skype
2012-12-22 09:29 - 2012-12-22 09:29 - 00122880 _RASH C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll
2012-12-21 03:20 - 2009-07-13 20:33 - 01761288 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-16 06:13 - 2012-12-21 03:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2012-12-21 03:00 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-14 16:27 - 2011-06-22 23:05 - 00000000 ____D C:\Users\Vostro420\AppData\Local\Google
2012-12-13 08:25 - 2011-06-22 23:08 - 00002467 ____A C:\Users\Vostro420\Desktop\Google Chrome.lnk
2012-12-13 08:23 - 2012-12-13 08:23 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-12-13 08:23 - 2011-06-26 22:48 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-12-13 08:23 - 2011-06-26 22:48 - 00000000 ___RD C:\Program Files\Skype
2012-12-13 08:23 - 2011-06-26 22:47 - 00000000 ____D C:\Users\All Users\Skype
2012-12-12 22:44 - 2011-06-23 00:08 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-12 22:39 - 2011-06-23 01:41 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-11 15:06 - 2012-07-02 09:06 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-12-11 15:06 - 2011-06-22 23:54 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-12-10 14:54 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-12-10 10:49 - 2012-12-10 10:48 - 00012800 ____A C:\Users\Vostro420\Downloads\bbc829aa9ef74e879b55048ec74287c5.xls
2012-12-03 05:37 - 2011-06-23 00:42 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\HpUpdate
2012-11-30 15:53 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 4094.99 MB
Available physical RAM: 3589.27 MB
Total Pagefile: 4093.27 MB
Available Pagefile: 3589.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.7 MB

==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:190.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive f: () (Removable) (Total:1.88 GB) (Free:1.62 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (Data) (Fixed) (Total:931.51 GB) (Free:733.1 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 298 GB 1024 KB
Disk 2 Online 1922 MB 0 B

Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 1024 KB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Data NTFS Partition 931 GB Healthy
=========================================================

Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 298 GB 40 MB
=========================================================
Disk: 1
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden
=========================================================
Disk: 1
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 298 GB Healthy
=========================================================

Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1921 MB 16 KB
=========================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1921 MB Healthy
=========================================================

Last Boot: 2012-12-25 00:58

==================== End Of Log ============================
  8. Based on some other topics about similar issues, I downloaded and ran OTL. Here is OTL.txt: (extras.txt is below).

OTL logfile created on: 28/12/2012 8:20:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vostro420\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.24% Memory free
6.00 Gb Paging File | 4.46 Gb Available in Paging File | 74.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 190.89 Gb Free Space | 64.05% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 733.54 Gb Free Space | 78.75% Space Free | Partition Type: NTFS

Computer Name: FB-02-V420 | User Name: Vostro420 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Vostro420\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.) PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe () PRC - C:\Program Files\Siber Systems\GoodSync\GoodSync.exe () PRC - C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage) PRC - C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe (Sage) PRC - C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe (ACD Systems) PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) PRC - C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company) PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation) PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a67380b6387234a8a9032ccd5c3dbf4e\System.Runtime.Serialization.Formatters.Soap.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f2fb3f4856c403795db6db3f354f1f0b\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_32\Simply.ConnectionManagerService\15.0.0.1__bfd98eaca3f932d5\Simply.ConnectionManagerService.dll () MOD - C:\Program Files\Siber Systems\GoodSync\GoodSync.exe () MOD - C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll () MOD - 
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe () ========== Services (SafeList) ========== SRV - (Sage Simply Accounting Transaction Manager 2012 - CDN) -- C:\Program Files\Winsim\TransactionManager2012 File not found SRV - (Sage Simply Accounting Transaction Manager 2011 - CDN) -- C:\Program Files\Winsim\TransactionManager2011 File not found SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.) SRV - (GsServer) -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe () SRV - (Simply Accounting Database Connection Manager) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe (Sage) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) 
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation) SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (SIUSBXP) -- C:\Windows\System32\drivers\SiUSBXp.sys (Silicon Laboratories) DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) 
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (DbgMsg) -- C:\Windows\System32\drivers\DbgMsg.sys (Compuware Corporation - NuMega Lab) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1 IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 7C 5F 02 71 31 CC 01 [binary data] IE - 
HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GBCA437 IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=CA&ver=4.0.0.1884 IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vostro420\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vostro420\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/05 20:46:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/05 20:46:23 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vostro420\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Vostro420\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\Vostro420\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Skype Click to Call = C:\Users\Vostro420\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ACSW14EN] C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe (ACD Systems) O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ConnectionManager] C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage) O4 - HKLM..\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) 
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000..\Run: [fvsrrymfan] C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll () O4 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000..\Run: [GoodSync] C:\Program Files\Siber Systems\GoodSync\GoodSync.exe () O4 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O4 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000..\Run: [soahkaoqdu] C:\Users\Vostro420\AppData\Roaming\Ehyna\ecfy.exe File not found O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) 
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {1663ed6a-23eb-11d2-b92f-008048fdd814} https://vt.globalpay.com/admin/objects/smsx.cab (MeadCo Extended HTML Printing) O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8115AB82-A9F0-46A3-A2A9-974C3D20D46B}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8a49023a-a762-11e0-b3d0-0024e81653b9}\Shell - "" = AutoRun O33 - MountPoints2\{8a49023a-a762-11e0-b3d0-0024e81653b9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{f2c5d438-2ce7-11e1-aa00-0024e81653b9}\Shell - "" = AutoRun O33 - MountPoints2\{f2c5d438-2ce7-11e1-aa00-0024e81653b9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/28 20:05:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012/12/28 20:05:22 | 000,000,000 | ---D | C] -- C:\Users\Vostro420\AppData\Roaming\Malwarebytes [2012/12/28 20:05:15 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/12/28 20:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/12/28 20:05:00 | 000,000,000 | ---D | C] -- C:\Users\Vostro420\AppData\Local\Programs [2012/12/28 19:52:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys [2012/12/28 19:52:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2012/12/28 19:52:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll [2012/12/28 19:52:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe 
[2012/12/28 19:52:42 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys [2012/12/28 19:52:41 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe [2012/12/28 19:52:41 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2012/12/28 19:52:41 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll [2012/12/28 19:52:41 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll [2012/12/28 19:52:41 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe [2012/12/28 19:52:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll [2012/12/28 19:52:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2012/12/28 19:52:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll [2012/12/28 19:52:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll [2012/12/28 19:52:40 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2012/12/28 19:51:37 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012/12/28 19:51:35 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012/12/27 23:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools [2012/12/27 22:46:20 | 000,202,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2012/12/27 22:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools [2012/12/27 22:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012/12/27 22:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012/12/27 22:44:57 | 000,000,000 | ---D | C] -- C:\Users\Vostro420\AppData\Roaming\TestApp [2012/12/27 19:54:02 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/12/21 03:00:44 | 
000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/21 03:00:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/13 08:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/12/13 08:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/12/12 22:43:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/12/12 22:43:53 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/12/12 22:43:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/12/12 22:43:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/12/12 22:43:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/12/12 22:43:52 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/12/12 22:43:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/12/12 22:43:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/12/12 05:30:06 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/12/12 05:29:58 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012/12/12 05:29:58 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012/12/12 05:29:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012/12/12 05:29:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 05:29:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 05:29:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012/12/12 05:29:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 05:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 05:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 05:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 05:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012/12/12 05:29:47 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012/12/12 05:29:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll ========== Files - Modified Within 30 Days ========== [2012/12/28 20:07:59 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/28 20:07:59 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/28 20:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/28 20:04:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/28 
20:01:12 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/28 20:00:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/28 20:00:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2012/12/28 20:00:19 | 2415,120,384 | -HS- | M] () -- C:\hiberfil.sys [2012/12/28 19:57:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/12/28 19:45:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-784824154-2186569503-2690575908-1000UA.job [2012/12/28 08:45:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-784824154-2186569503-2690575908-1000Core.job [2012/12/27 22:47:18 | 001,524,547 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2012/12/27 12:53:48 | 000,624,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/12/27 12:53:48 | 000,106,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/22 09:29:24 | 000,122,880 | RHS- | M] () -- C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll [2012/12/21 03:20:34 | 001,761,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/13 08:25:34 | 000,002,467 | ---- | M] () -- C:\Users\Vostro420\Desktop\Google Chrome.lnk [2012/12/13 08:23:38 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/12/11 15:06:55 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/12/11 15:06:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012/12/27 22:46:25 | 001,524,547 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2012/12/22 09:29:24 | 000,122,880 | RHS- | C] () -- 
C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll [2012/01/04 18:48:47 | 000,000,017 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\resmon.resmoncfg [2011/12/19 21:42:07 | 000,000,530 | ---- | C] () -- C:\Windows\hpwmdl25.dat.temp [2011/12/08 11:26:29 | 000,000,000 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\{6B726414-3D01-4EFA-9139-FE155B37F036} [2011/11/22 11:25:36 | 000,000,000 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\{E73F65E3-C42B-4B75-BA44-56C74D93858E} [2011/11/09 10:57:24 | 000,000,000 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\{83188971-3CC0-457B-BF22-90BBF6CA98E3} [2011/11/09 10:55:26 | 000,000,000 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\{7CB42929-C11E-4812-8B49-1B587EC4DB9B} [2011/11/09 10:44:00 | 000,000,000 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\{412AE95D-09B4-45AC-B8B3-04F3AE2FEFCB} [2011/07/05 20:33:19 | 000,218,099 | ---- | C] () -- C:\Windows\hpwins25.dat [2011/07/05 20:33:19 | 000,000,530 | ---- | C] () -- C:\Windows\hpwmdl25.dat [2011/07/01 18:08:28 | 000,028,672 | ---- | C] () -- C:\Windows\dbgmsgcfg.dll [2011/06/29 20:49:35 | 000,010,752 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/29 18:30:02 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/06/24 09:15:42 | 000,103,784 | ---- | C] () -- C:\Users\Vostro420\GoToAssistDownloadHelper.exe [2011/06/24 08:28:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/06/23 13:42:23 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/06/23 01:19:19 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2011/06/23 00:42:16 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys [2011/06/23 00:42:16 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini [2011/06/22 22:26:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll 
[2011/04/20 00:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011/02/28 20:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat ========== ZeroAccess Check ========== [2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > Extras.txt: OTL Extras logfile created on: 28/12/2012 8:20:26 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vostro420\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.24% Memory free 6.00 Gb Paging File | 4.46 Gb Available in Paging File | 74.35% Paging File 
free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298.05 Gb Total Space | 190.89 Gb Free Space | 64.05% Space Free | Partition Type: NTFS Drive D: | 931.51 Gb Total Space | 733.54 Gb Free Space | 78.75% Space Free | Partition Type: NTFS Computer Name: FB-02-V420 | User Name: Vostro420 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 14.Manage] -- "C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007 "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9112FEA9-0F64-453C-BEA5-9A782F87EDAA}" = hppTLBXFXM1530 "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{99716D64-2AD1-40E0-86F1-EA5DA90E3E0A}" = SendBlaster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A1D53426-D6F3-4886-A72B-E1A8C82259E9}" = hppM1530LaserJetService "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A6CB4C7C-A6ED-45EB-8719-02808CC5A6BB}" = BPDSoftware "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync "{B2AA0F22-E167-4C4A-BAE2-E0025028E61B}" = HPLaserJetHelp_LearnCenter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B562C735-BAB2-473D-AF3C-80D1C8284020}" = D-Link SmartConsole Utility 
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}" = HP LJ M1530 MFP Series HP Scan "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C462F75B-9A35-4A84-AE52-E8C9112AAE87}" = hppFaxUtilityM1530 "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C7C88E00-129D-4A91-96A0-4338B41A6A48}" = WeatherLink 5.9.2 "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3 "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar Precision Performance SW "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2682E66-3DEF-4066-AD9F-70DDB96CDDCC}" = MeadCo ScriptX (v7.0.0.8 (x86)) 
"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51 "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FC7C2707-5E28-4653-8922-CADDD6C439D9}" = WeatherLink 5.9.3 "{FD575F8B-6141-455A-8AE5-F2D2E08520FC}" = hppFaxDrvM1530 "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "4336-8086-6854-6034" = EST Desktop 2.0 2.0.1211.0.11 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium "AI RoboForm" = RoboForm 7-8-4-7 (All Users) "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Photo Creations" = HP Photo Creations "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "InstallShield_{0AFECCA6-61A0-409F-9205-67613984209D}" = Dynex All-in-1 Card Reader "InstallShield_{2CEDEB33-4931-48B1-8010-20618772B58E}" = Sage Simply Accounting 2012 "InstallShield_{53AB83B3-9908-44DF-97B5-C107140F26AD}" = Sage Simply Accounting 2011 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Office14.OUTLOOK" = Microsoft Outlook 2010 "Picasa 3" = Picasa 3 "QNAP_FINDER" = QNAP Finder "Shop for HP Supplies" = Shop for HP Supplies "SIUSBXP&10C4&EA61" = Silicon Laboratories USBXpress Device (Driver Removal) "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) "SMALLBUSINESSR" = Microsoft Office Small Business 2007 "YTdetect" = Yahoo! 
Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "2f8d25aeed0b3ae4" = Sage Download Manager "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20/09/2012 12:08:47 PM | Computer Name = FB-02-V420 | Source = ThreadLib | ID = 0 Description = Error - 20/09/2012 12:10:49 PM | Computer Name = FB-02-V420 | Source = ThreadLib | ID = 0 Description = Error - 20/09/2012 12:11:31 PM | Computer Name = FB-02-V420 | Source = ThreadLib | ID = 0 Description = Error - 24/09/2012 2:49:07 PM | Computer Name = FB-02-V420 | Source = Application Hang | ID = 1002 Description = The program SimplyAccounting.exe version 19.0.0.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1f00 Start Time: 01cd9a81f690bbea Termination Time: 10 Application Path: C:\Program Files\Sage Simply Accounting Premium 2012\SimplyAccounting.exe Report Id: 64d40604-0678-11e2-9361-0024e81653b9 Error - 24/10/2012 12:13:00 AM | Computer Name = FB-02-V420 | Source = Application Hang | ID = 1002 Description = The program WINWORD.EXE version 12.0.6662.5003 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: c70 Start Time: 01cdb08934bd296f Termination Time: 0 Application Path: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE Report Id: Error - 24/11/2012 12:58:32 PM | Computer Name = FB-02-V420 | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 1c08 Start Time: 01cdca0607fd5a44 Termination Time: 26 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error - 25/12/2012 2:30:14 AM | Computer Name = FB-02-V420 | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1630 Start Time: 01cddf6d47670bed Termination Time: 78 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error - 25/12/2012 2:30:47 AM | Computer Name = FB-02-V420 | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 13cc Start Time: 01cddf6d3f9eac28 Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error - 28/12/2012 3:30:21 AM | Computer Name = FB-02-V420 | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a2f9e3 Faulting module name: hpswp_BHO.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ad4fb6d Exception code: 0xc0000005 Fault offset: 0x0ae370d0 Faulting process id: 0x10c Faulting application start time: 0x01cde4cce775a239 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: hpswp_BHO.dll Report Id: 6f5046b1-50c0-11e2-b6ce-0024e81653b9 Error - 28/12/2012 3:30:21 AM | Computer Name = FB-02-V420 | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a2f9e3 Faulting module name: hpswp_BHO.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ad4fb6d Exception code: 0xc0000005 Fault 
offset: 0x094c70d0 Faulting process id: 0xaf4 Faulting application start time: 0x01cde4cce0c7068d Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: hpswp_BHO.dll Report Id: 6f506dc1-50c0-11e2-b6ce-0024e81653b9 Error - 28/12/2012 4:00:33 AM | Computer Name = FB-02-V420 | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a2f9e3 Faulting module name: hpswp_BHO.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ad4fb6d Exception code: 0xc0000005 Fault offset: 0x092470d0 Faulting process id: 0xf80 Faulting application start time: 0x01cde4ce036ea9ad Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: hpswp_BHO.dll Report Id: a76561b2-50c4-11e2-b6ce-0024e81653b9 [ OSession Events ] Error - 30/06/2011 6:16:25 AM | Computer Name = FB-02-V420 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 86193 seconds with 720 seconds of active time. This session ended with a crash. Error - 30/10/2011 11:49:06 PM | Computer Name = FB-02-V420 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41 seconds with 0 seconds of active time. This session ended with a crash. Error - 18/11/2011 4:21:49 PM | Computer Name = FB-02-V420 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95502 seconds with 600 seconds of active time. This session ended with a crash. 
Error - 12/01/2012 4:47:59 PM | Computer Name = FB-02-V420 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33728 seconds with 120 seconds of active time. This session ended with a crash. Error - 14/08/2012 3:01:06 PM | Computer Name = FB-02-V420 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 350575 seconds with 11220 seconds of active time. This session ended with a crash. [ System Events ] Error - 19/04/2012 10:21:09 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016 Description = Error - 20/04/2012 1:14:36 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016 Description = Error - 20/04/2012 1:14:36 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016 Description = Error - 20/04/2012 1:14:36 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016 Description = Error - 25/04/2012 1:40:09 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016 Description = Error - 01/05/2012 3:10:44 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10010 Description = Error - 01/05/2012 3:13:34 PM | Computer Name = FB-02-V420 | Source = volsnap | ID = 393241 Description = The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. Error - 01/05/2012 3:15:00 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016 Description = Error - 04/05/2012 1:07:01 AM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016 Description = Error - 04/05/2012 3:00:32 AM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016 Description = < End of report >
  9. I have two issues that started at the same time. First, links in Bing and Google are redirected to various sites unrelated to the search. Second, Microsoft Essentials and Windows Defender seem not to be working properly. When I launch MSE, it appears for a second and then disappears. The icon in the tray also disappears when I hover over it. Defender acts the same way. I rebooted in safe mode and was able to run MSE. Full scan did not find any issues. Downloaded Malwarebytes and did a scan, no issues. Downloaded PCTools and did a scan, no issues. Please help. Thanks. Here is the DDS:
     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 9.0.8112.16457
     Run by Vostro420 at 20:36:56 on 2012-12-28
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1616 [GMT -8:00]
     .
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ================
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\atiesrxx.exe
     C:\Windows\System32\spoolsv.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Windows\system32\AERTSrv.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
     C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
     C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\atieclxx.exe
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\RtHDVCpl.exe
     C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
     C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
     C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
     C:\Program
Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Siber Systems\GoodSync\GoodSync.exe C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Windows\System32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Users\Vostro420\Downloads\OTL.exe C:\Windows\notepad.exe C:\Windows\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k 
LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.ca/ uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet 
explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [Google Update] "c:\users\vostro420\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [GoodSync] "c:\program files\siber systems\goodsync\GoodSync.exe" /min uRun: [soahkaoqdu] 
c:\users\vostro420\appdata\roaming\ehyna\ecfy.exe uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe" uRun: [fvsrrymfan] rundll32 "c:\users\vostro420\appdata\roaming\bitsadmina.dll",Mfhewg mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on mRun: [HP LaserJet Professional M1530 MFP Series Fax] c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [ACSW14EN] "c:\program files\acd systems\acdsee\14.0\ACDSeeInTouch2.exe" /pid ACSW14EN mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: 
ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000 IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai 
roboform\roboform.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {1663ed6a-23eb-11d2-b92f-008048fdd814} - hxxps://vt.globalpay.com/admin/objects/smsx.cab DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{8115AB82-A9F0-46A3-A2A9-974C3D20D46B} : DHCPNameServer = 192.168.1.254 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2011-6-22 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2011-7-1 18240]
R2 GsServer;GoodSync Server;c:\program files\siber systems\goodsync\Gs-Server.exe [2012-1-13 3002808]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2011-12-22 21320]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2009-11-3 14592]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-28 14848]
S3 Sage Simply Accounting Transaction Manager 2011 - CDN;Sage Simply Accounting Transaction Manager 2011 - CDN;c:\program files\winsim\transactionmanager2011 - cdn\Sage_SA.TransactionManager.exe [2011-6-7 46408]
S3 Sage Simply Accounting Transaction Manager 2012 - CDN;Sage Simply Accounting Transaction Manager 2012 - CDN;c:\program files\winsim\transactionmanager2012 - cdn\Sage_SA.TransactionManager.exe [2012-6-8 46440]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-28 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-23 1343400]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-12-29 04:05:22 -------- d-----w- c:\users\vostro420\appdata\roaming\Malwarebytes
2012-12-29 04:05:15 -------- d-----w- c:\programdata\Malwarebytes
2012-12-29 04:05:00 -------- d-----w- c:\users\vostro420\appdata\local\Programs
2012-12-29 03:51:38 247808 ----a-w- c:\windows\system32\schannel.dll
2012-12-29 03:51:37 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-29 03:51:37 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-29 03:51:37 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-29 03:51:37 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-29 03:51:35 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-12-28 07:00:19 -------- d-----w- c:\program files\PC Tools
2012-12-28 06:46:20 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-12-28 06:46:17 -------- d-----w- c:\program files\common files\PC Tools
2012-12-28 06:45:00 -------- d-----w- c:\programdata\PC Tools
2012-12-28 06:44:57 -------- d-----w- c:\users\vostro420\appdata\roaming\TestApp
2012-12-28 03:54:02 -------- d-----w- c:\windows\pss
2012-12-22 17:29:24 122880 --sha-r- c:\users\vostro420\appdata\roaming\bitsadmina.dll
2012-12-21 11:00:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 11:00:44 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 13:30:06 2345984 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-12-11 23:06:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 23:06:55 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-22 05:13:03 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-22 05:13:03 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 20:37:11.14 ===============

Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 22/06/2011 11:43:34 PM
System Uptime: 28/12/2012 7:59:45 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0N185P
Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2328/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 190.902 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 733.54 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 7000 E809a
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 7000 E809a
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet M1536dnf MFP
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet M1536dnf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer 7000E809a 7000E809a_eDocs 7000E809a_Help ACDSee 14 Add or Remove Adobe Creative Suite 3 Design Premium Adobe Acrobat 8 Professional Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Creative Suite 3 Design Premium Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash CS3 Adobe Flash Player 11 ActiveX Adobe Flash Player 9 Plugin Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe InDesign CS3 Adobe InDesign CS3 Icon Handler Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader X (10.1.4) Adobe Setup Adobe SING CS3 Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AHV content for Acrobat and Flash Bing Bar Bing Rewards Client Installer BPDSoftware BPDSoftware_Ini BufferChm D-Link SmartConsole Utility Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Resource CD DeviceDiscovery Dynex All-in-1 Card Reader EST Desktop 2.0 2.0.1211.0.11 GoodSync Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 Hewlett-Packard ACLM.NET v1.1.0.0 HP Customer Participation Program 14.0 HP FWUpdateEDO3 HP Imaging Device Functions 14.0 HP LaserJet Professional M1530 MFP Series HP LJ M1530 MFP Series HP Scan HP Officejet 7000 E809a Series HP Photo Creations HP Product Detection HP Smart Web Printing 4.60 HP Solution Center 14.0 HP Update 
HPDiagnosticAlert HPLaserJetHelp_LearnCenter HPLJUT hppFaxDrvM1530 hppFaxUtilityM1530 hppLaserJetService hppM1530LaserJetService HPProductAssistant hppSendFaxM1530 hppTLBXFXM1530 HPSSupply hpzTLBXFX I.R.I.S. OCR Java Auto Updater Java 6 Update 37 Logitech Webcam Software MailingCheck MarketResearch MeadCo ScriptX (v7.0.0.8 (x86)) Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook 2010 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Small Business 2007 Microsoft Office Word MUI (English) 2007 Microsoft Outlook 2010 Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyPhotoCreations MySQL Connector/ODBC 3.51 Network PDF Settings Picasa 3 Polar Precision Performance SW Polar WebLink 2.4.11 ProductContext QNAP Finder Realtek High Definition Audio Driver RoboForm 7-8-4-7 (All Users) Sage Download Manager Sage Simply Accounting 2011 Sage Simply Accounting 2012 Security Update for CAPICOM (KB931906) Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update 
for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition SendBlaster Shop for HP Supplies Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) Silicon Laboratories USBXpress Device (Driver Removal) Skype Click to Call Skype™ 6.0 SmartWebPrinting SolutionCenter Status Toolbox TrayApp Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit 
Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition WeatherLink 5.9.2 WeatherLink 5.9.3 WebReg Windows Live ID Sign-in Assistant Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
28/12/2012 8:01:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
28/12/2012 8:00:19 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
28/12/2012 7:07:18 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
27/12/2012 7:58:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
27/12/2012 7:58:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
27/12/2012 7:57:45 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
27/12/2012 7:53:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
27/12/2012 11:02:42 PM, Error: PCTCore [280] -
27/12/2012 10:28:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
27/12/2012 10:28:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/12/2012 10:28:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/12/2012 10:28:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================