bryanluber
Posts posted by bryanluber
-
-
I apologize for the delay here. The computer lost the ability to download files from IE or Firefox. I spent an entire morning working on that problem alone, even installing web browsers via flash drive with no improvement. At that point my uncle and I decided that the time invested was exceeding what it would cost to get a new computer to use and then wipe this one and do a fresh install. We were wanting to save Adobe Photoshop and the related files, but decided that it was time to upgrade to the newest version anyway and it was simpler to go with a little more horsepower and a fresh start. I'm going to keep this computer disconnected from my network and use it as reference for the next few weeks, then I'll do a full wipe on the drive to clear whatever infection it has. A fresh install of Win 7 Pro, and I've now got a backup in case something crazy happens again.
I apologize again for the slow response here; the last week has been busy. I wish this had been a simpler fix, but it seems that I got one hell of a bug this time. I do thank you for the help. Hopefully the major antivirus groups get this one figured out soon and get it in the protection.
-
I know you said not to attach logs but the second TDSS log is too long to post.
-
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-02 13:44:15
-----------------------------
13:44:15.652 OS Version: Windows x64 6.1.7601 Service Pack 1
13:44:15.652 Number of processors: 4 586 0x170A
13:44:15.652 ComputerName: LBM2-HP UserName: LBM2
13:44:20.846 Initialize success
13:45:10.659 AVAST engine defs: 13010200
13:45:16.696 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:45:16.696 Disk 0 Vendor: ST332041 HP35 Size: 305245MB BusType: 3
13:45:16.712 Disk 0 MBR read successfully
13:45:16.712 Disk 0 MBR scan
13:45:16.712 Disk 0 Windows 7 default MBR code
13:45:16.727 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 2047 MB offset 2048
13:45:16.727 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 296734 MB offset 4194304
13:45:16.758 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 6453 MB offset 611905536
13:45:16.790 Disk 0 scanning C:\Windows\system32\drivers
13:45:36.555 Service scanning
13:45:54.620 Service TmFilter C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys **LOCKED** 32
13:45:54.932 Service TmPreFilter C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys **LOCKED** 32
13:45:57.163 Service VSApiNt C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys **LOCKED** 32
13:46:00.173 Modules scanning
13:46:00.173 Disk 0 trace - called modules:
13:46:00.189 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iastor.sys hal.dll
13:46:00.205 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800521e060]
13:46:00.205 3 CLASSPNP.SYS[fffff88001bc343f] -> nt!IofCallDriver -> [0xfffffa800362ce40]
13:46:00.205 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bb7050]
13:46:16.210 AVAST engine scan C:\Windows
13:46:20.219 Disk 0 MBR has been saved successfully to "C:\Users\LBM2\Desktop\MBR.dat"
13:46:20.235 The log file has been saved successfully to "C:\Users\LBM2\Desktop\aswMBR.txt"
13:46:21.637 AVAST engine scan C:\Windows\system32
13:50:46.915 AVAST engine scan C:\Windows\system32\drivers
13:51:05.058 AVAST engine scan C:\Users\LBM2
14:00:58.905 AVAST engine scan C:\ProgramData
14:02:46.373 Scan finished successfully
14:04:19.708 Disk 0 MBR has been saved successfully to "C:\Users\LBM2\Desktop\MBR.dat"
14:04:19.739 The log file has been saved successfully to "C:\Users\LBM2\Desktop\aswMBR.txt"
-
Both scans completed. Both browsers are still redirecting to newsbusters from various search engines.
TDSS spit out 2 reports; I have both here.
13:37:20.0034 4652 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:37:22.0047 4652 ============================================================
13:37:22.0047 4652 Current date / time: 2013/01/02 13:37:22.0047
13:37:22.0047 4652 SystemInfo:
13:37:22.0047 4652
13:37:22.0047 4652 OS Version: 6.1.7601 ServicePack: 1.0
13:37:22.0047 4652 Product type: Workstation
13:37:22.0047 4652 ComputerName: LBM2-HP
13:37:22.0047 4652 UserName: LBM2
13:37:22.0047 4652 Windows directory: C:\Windows
13:37:22.0047 4652 System windows directory: C:\Windows
13:37:22.0047 4652 Running under WOW64
13:37:22.0047 4652 Processor architecture: Intel x64
13:37:22.0047 4652 Number of processors: 4
13:37:22.0047 4652 Page size: 0x1000
13:37:22.0047 4652 Boot type: Normal boot
13:37:22.0047 4652 ============================================================
13:37:22.0359 4652 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:37:22.0359 4652 ============================================================
13:37:22.0359 4652 \Device\Harddisk0\DR0:
13:37:22.0359 4652 MBR partitions:
13:37:22.0359 4652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FF800
13:37:22.0359 4652 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x400000, BlocksNum 0x2438F000
13:37:22.0359 4652 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2478F000, BlocksNum 0xC9A800
13:37:22.0359 4652 ============================================================
13:37:22.0390 4652 C: <-> \Device\Harddisk0\DR0\Partition2
13:37:22.0421 4652 D: <-> \Device\Harddisk0\DR0\Partition3
13:37:22.0421 4652 ============================================================
13:37:22.0421 4652 Initialize success
13:37:22.0421 4652 ============================================================
13:37:45.0494 1348 Deinitialize success
-
Ok, Adobe Flash Player appears to have been the culprit. I have uninstalled it for now. Also I have disabled all other addons for IE for right now.
Google search and Bing search are redirecting me to Newsbusters in IE every time I try to use a search link. In Firefox, google search results sometimes go to the proper site, sometimes go to ihavenet.com.
-
I did the reset. I was about to post that IE was working normally, but it won't do anything now. The homepage reset to msn.com during the reset which is not a problem. I got it to load and was able to go to google.com to do a search. The first search result I clicked on took me to newsbusters.com. Now I try to load IE and the homepage won't even load.
-
I have now run Combofix. I've checked IE and it is still functioning as before. I can search from the homepage yahoo.com and search results are shown. When you click on a link, the page goes blank and nothing loads; the back button doesn't work either. The same happened after running the previous scans. I tried searching with Firefox and results come back normally. When I click on a link I'm redirected to ihavenet or newsbusters.
Here is the combofix log:
ComboFix 13-01-01.02 - LBM2 01/01/2013 17:34:46.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3991.2637 [GMT -6:00]
Running from: c:\users\LBM2\Desktop\ComboFix.exe
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-12-01 to 2013-01-01 )))))))))))))))))))))))))))))))
.
.
2013-01-01 23:40 . 2013-01-01 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 21:30 . 2013-01-01 21:30 -------- d-----w- c:\users\LBM2\AppData\Local\Diagnostics
2012-12-31 20:28 . 2009-07-14 01:40 909312 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-12-31 20:27 . 2009-07-14 01:41 505856 ----a-w- c:\windows\system32\wbem\wbemess.dll
2012-12-31 18:05 . 2012-12-31 18:05 -------- d-----w- c:\program files (x86)\ESET
2012-12-31 13:01 . 2012-12-31 13:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-31 13:01 . 2012-12-31 13:03 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-12-28 20:45 . 2012-12-28 20:45 -------- d-----w- c:\users\LBM2\AppData\Local\Programs
2012-12-21 13:35 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 13:35 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 13:35 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 13:35 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 20:25 . 2012-12-14 20:25 -------- d-----w- c:\users\support
2012-12-12 22:03 . 2012-11-14 03:51 19450880 ----a-w- c:\windows\system32\mshtml.dll
2012-12-12 22:03 . 2012-11-14 03:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-12 22:03 . 2012-11-14 01:14 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-12-12 21:28 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 21:28 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 21:28 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2009-10-08 1484080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[bU]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CryptSvc32;Cryptographic Services ;c:\windows\system32\WSManMigrationPlugin32.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SCardSvr32;Smart Card ;c:\programdata\imagesp132.exe [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-05-07 169472]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 V0560Vid;Creative Live! Cam Optia AF Driver;c:\windows\system32\DRIVERS\V0560Vid.sys [2009-06-16 343360]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-15 200720]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2010-03-03 124472]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 rgsender;Remote Graphics Sender Service;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2012-07-17 344376]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2012-07-17 42808]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-15 339984]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-24 2066968]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-10-01 281568]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-07-24 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-02-05 49664]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-07-15 595960]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-07-15 917768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 17:22]
.
2012-12-28 c:\windows\Tasks\HPCeeScheduleForLBM2.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2013-01-01 c:\windows\Tasks\Rhmbyo.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\LBM2\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\LBM2\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\LBM2\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\LBM2\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-04 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-04 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-04 417560]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\LBM2\AppData\Roaming\Mozilla\Firefox\Profiles\jo6hnl2w.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-13 10:24; {34f16eca-5790-95e4-1d09-264e2f59518e}; c:\users\LBM2\AppData\Roaming\Mozilla\Firefox\Profiles\jo6hnl2w.default\extensions\{34f16eca-5790-95e4-1d09-264e2f59518e}
FF - ExtSQL: 2012-12-13 10:24; {46d606b0-a645-11df-981c-0800200c9a66}; c:\users\LBM2\AppData\Roaming\Mozilla\Firefox\Profiles\jo6hnl2w.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}
FF - ExtSQL: 2012-12-13 10:24; {5C46D283-ABDE-4dce-B83C-08881401921C}; c:\users\LBM2\AppData\Roaming\Mozilla\Firefox\Profiles\jo6hnl2w.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-01 17:43:10
ComboFix-quarantined-files.txt 2013-01-01 23:43
ComboFix2.txt 2012-12-31 15:18
.
Pre-Run: 218,014,330,880 bytes free
Post-Run: 217,928,515,584 bytes free
.
- - End Of File - - DD6319DBA9C2B4743212332327CC28B1
-
Thanks a ton for the help! I got an email notification that I had a reply to my help request so I turned on this computer today to run the tests you requested. I'm not sure what has changed, but the computer is noticeably more sluggish today than yesterday. Also, when I tried a Firefox search to get to the Malwarebytes forum page I got a redirect to some kind of Babylon search. This is a new development. After running the programs you requested, IE will load to yahoo.com and I can do a web search from there. When I click on a link, the page goes blank and never loads anything. Not sure if this is scan related or not.
Just to be clear, I have run AdwCleaner previously and it removed a significant number of items. I searched for the previous log and couldn't find it, so I posted the current log here.
Here are my logs:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 6 Update 30
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Trend Micro Client Server Security Agent Misc xpupg.exe
Trend Micro Client Server Security Agent pccntupd.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
# AdwCleaner v2.104 - Logfile created 01/01/2013 at 16:07:21
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : LBM2 - LBM2-HP
# Boot Mode : Normal
# Running from : C:\Users\LBM2\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16438
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\LBM2\AppData\Roaming\Mozilla\Firefox\Profiles\jo6hnl2w.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[s2].txt - [666 octets] - [01/01/2013 16:07:21]
########## EOF - C:\AdwCleaner[s2].txt - [725 octets] ##########
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : LBM2 [Admin rights]
Mode : Scan -- Date : 01/01/2013 16:21:51
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3320418AS +++++
--- User ---
[MBR] d10507a6a71586640f75304a3770c5ae
[BSP] 15570c8fbc19eda053e65ba8216f3e27 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 2047 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 4194304 | Size: 296734 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 611905536 | Size: 6453 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_01012013_02d1621.txt >>
RKreport[1]_S_01012013_02d1621.txt
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : LBM2 [Admin rights]
Mode : Remove -- Date : 01/01/2013 16:22:25
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3320418AS +++++
--- User ---
[MBR] d10507a6a71586640f75304a3770c5ae
[BSP] 15570c8fbc19eda053e65ba8216f3e27 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 2047 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 4194304 | Size: 296734 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 611905536 | Size: 6453 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_01012013_02d1622.txt >>
RKreport[1]_S_01012013_02d1621.txt ; RKreport[2]_D_01012013_02d1622.txt
-
I've been working at correcting this redirect problem for 2 days now. I have found a few trojans and lots of adware, all have been removed by various malware removal programs. But after 2 days of research and work, the problem still persists.
Using Internet Explorer and a search engine such as yahoo.com or google.com causes all search results to redirect to newsbusters.org. Periodically it will redirect to some kind of shopping search site, but it's rare and I can't get the name to come up now. Some kind of help whipping this thing would be very much appreciated.
Here are my reports:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16438 BrowserJavaVersion: 1.6.0_30
Run by LBM2 at 15:29:22 on 2012-12-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3991.2326 [GMT -6:00]
.
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Users\LBM2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg32.dll
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Live! Central] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" /mode2
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\LBM2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\LBM2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\LBM2\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ONLINE~1.LNK - C:\Windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://lb0.luber.com:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://lb0.luber.com:4343/officescan/console/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://lb0.luber.com:4343/officescan/console/ClientInstall/setup.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://lb0.luber.com:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://textron.webex.com/client/T26L10NSP49EP10-textron/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.3.105 68.12.16.30 68.1.208.30
TCP: Interfaces\{4195E8C2-93E9-43D1-944A-ED6DD61DD0D5} : DHCPNameServer = 192.168.3.105 68.12.16.30 68.1.208.30
TCP: Interfaces\{4A2F6C34-88F6-410A-8F98-2A447C355C30} : DHCPNameServer = 192.168.3.100 68.238.96.12 68.238.64.12
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [OfficeScanNT Monitor] -HideWindow
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\LBM2\AppData\Roaming\Mozilla\Firefox\Profiles\jo6hnl2w.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\LBM2\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-12-13 10:24; {34f16eca-5790-95e4-1d09-264e2f59518e}; C:\Users\LBM2\AppData\Roaming\Mozilla\Firefox\Profiles\jo6hnl2w.default\extensions\{34f16eca-5790-95e4-1d09-264e2f59518e}
FF - ExtSQL: 2012-12-13 10:24; {46d606b0-a645-11df-981c-0800200c9a66}; C:\Users\LBM2\AppData\Roaming\Mozilla\Firefox\Profiles\jo6hnl2w.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}
FF - ExtSQL: 2012-12-13 10:24; {5C46D283-ABDE-4dce-B83C-08881401921C}; C:\Users\LBM2\AppData\Roaming\Mozilla\Firefox\Profiles\jo6hnl2w.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2009-7-15 200720]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2010-3-3 124472]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-1-19 297984]
R2 rgsender;Remote Graphics Sender Service;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2010-8-17 379904]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2009-12-4 344376]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2009-12-4 42808]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2009-7-15 339984]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-8-17 2066968]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-8-17 281568]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-17 56344]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-8-17 702976]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\System32\drivers\livecamv.sys [2012-1-13 49664]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [2009-7-15 595960]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-7-15 917768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CryptSvc32;Cryptographic Services ;C:\Windows\System32\WSManMigrationPlugin32.exe --> C:\Windows\System32\WSManMigrationPlugin32.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-12-31 1153368]
S2 SCardSvr32;Smart Card ;C:\ProgramData\imagesp132.exe --> C:\ProgramData\imagesp132.exe [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-1-13 169472]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-6-29 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 V0560Vid;Creative Live! Cam Optia AF Driver;C:\Windows\System32\drivers\V0560Vid.sys [2009-6-16 343360]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
ShellExec: pdfvista.exe: Open="C:\Program Files (x86)\PDF Complete\pdfvista.exe"
ShellExec: pdfvista.exe: Read="C:\Program Files (x86)\PDF Complete\pdfvista.exe"
.
=============== Created Last 30 ================
.
2012-12-31 20:28:20 909312 ----a-w- C:\Windows\System32\wbem\fastprox.dll
2012-12-31 20:27:07 505856 ----a-w- C:\Windows\System32\wbem\wbemess.dll
2012-12-31 18:05:26 -------- d-----w- C:\Program Files (x86)\ESET
2012-12-31 16:56:32 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-31 15:55:26 -------- d-----w- C:\Windows\pss
2012-12-31 15:02:30 98816 ----a-w- C:\Windows\sed.exe
2012-12-31 15:02:30 256000 ----a-w- C:\Windows\PEV.exe
2012-12-31 15:02:30 208896 ----a-w- C:\Windows\MBR.exe
2012-12-31 13:01:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-12-31 13:01:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-12-28 20:45:02 -------- d-----w- C:\Users\LBM2\AppData\Local\Programs
2012-12-21 13:35:51 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 13:35:51 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 13:35:51 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 13:35:51 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 22:03:49 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-12-12 22:03:49 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-12 21:28:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 21:28:15 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 21:28:03 3149824 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-12-13 17:22:07 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 17:22:07 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-27 20:50:07 131072 --sha-r- C:\Windows\SysWow64\sysprints.dll
2012-11-26 15:08:01 226304 ----a-w- C:\Windows\System32\elshyph.dll
2012-11-26 15:08:01 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll
2012-11-26 15:08:01 1054720 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2012-11-26 15:08:00 718336 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2012-11-26 15:08:00 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2012-11-26 15:08:00 525312 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-26 15:08:00 1772032 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-26 15:08:00 158720 ----a-w- C:\Windows\SysWow64\msls31.dll
2012-11-26 15:08:00 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2012-11-26 15:08:00 137216 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-26 15:08:00 135680 ----a-w- C:\Windows\SysWow64\wextract.exe
2012-11-26 15:06:52 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 15:29:46.88 ==============
Second log here:
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/17/2010 10:22:48 AM
System Uptime: 12/31/2012 3:06:50 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3646h
Processor: Intel® Core™2 Quad CPU Q8400 @ 2.66GHz | XU1 PROCESSOR | 2667/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 290 GiB total, 203.056 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.774 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&6847F13&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&6847F13&0
Service: i8042prt
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-Zip 4.65
ActivClient x64
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Common File Installer
Adobe Community Help
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS2
Adobe Reader X (10.1.4)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Advanced Audio FX Engine
Cisco WebEx Meetings
Citrix online plug-in
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (PNA)
Citrix online plug-in (SSON)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Connect
Creative Live! Cam Optia AF (VF0560) Driver (1.01.03.00)
Creative Live! Central
Creative System Information
D3DX10
DHTML Editing Component
Dropbox
File Sanitizer For HP ProtectTools
FileZilla Client 3.5.3
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP SkyRoom
HP Support Assistant
Intel® Graphics Media Accelerator Driver
Intel® Active Management Technology
Itibiti RTC
Java Auto Updater
Java Card Security for HP ProtectTools
Java™ 6 Update 30
Junk Mail filter update
kuler
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft MapPoint North America 2010
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Management Studio Express
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
PDF Settings CS5
Photoshop Camera Raw
Picasa 3
Realtek High Definition Audio Driver
Remote Graphics Receiver
Remote Graphics Sender
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Spybot - Search & Destroy
Suite Shared Configuration CS4
Trend Micro Client/Server Security Agent
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wondershare Video Converter Platinum(Build 5.1.3.1)
Yahoo! BrowserPlus 2.9.8
Yahoo! Detect
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/31/2012 9:13:29 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
12/31/2012 9:08:01 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/31/2012 3:07:08 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/31/2012 2:04:40 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/31/2012 2:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/31/2012 2:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/31/2012 2:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/31/2012 2:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/31/2012 2:04:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/31/2012 2:04:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/31/2012 2:04:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC ctxusbm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi vwififlt Wanarpv6 WfpLwf ws2ifsl
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent Listener service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/31/2012 2:04:10 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/31/2012 2:04:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
12/31/2012 10:15:41 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/31/2012 1:54:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
12/27/2012 7:58:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
12/27/2012 7:58:48 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
IE browser searches redirect to Newsbusters etc.
in Resolved Malware Removal Logs
Thanks again for the help, have a beer or two on me!