Happili Redirect Trojan Troubles


Hello Malwarebytes,

100% sure my comp is infected with the happili redirect virus. I am using IE 9 browser, and Google searches redirect to crappy happili. Had the hardest time even being able to visit Malwarebytes.org in IE 9 browser because the virus kept redirecting me to the crappy happili.

Please help me remove this virus from my comp. I have no experience running serious virus removal, temp file cleaners, programs run in safe mode, etc, so please don't be annoyed if I ask many questions before running a Malwarebytes.org expert recommended program.

Thank you in advance for any help!


Hello loislane 1,

You have a browser-redirect malware of some sort ---- it is not a "virus".

What is your Windows version?

What is your antivirus program, and did you do a scan of your system with it?

We must have a preliminary log from your system in order to proceed. Otherwise, it is a no-go.

Please print out, read and follow the directions here, skipping any steps you are unable to complete.

Make sure you select (CLICK on) Follow this topic at the top-right corner of this forum page.

Please Copy & Paste here the contents of MBAM scan log & the DDS logs. Do NOT attach any logs.

Use NOTEPAD to open each log, then Select ALL, then COPY all, and back in a reply box here, do a Paste.


Thank you so much for speedy reply.

Below is MBAM scan log.

I will post the DDS log shortly.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.24.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Emily :: BERRYKIDS-PC [administrator]

4/24/2012 2:52:51 PM

mbam-log-2012-04-24 (14-52-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 325734

Time elapsed: 21 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Here is DDS log.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Emily at 15:28:18 on 2012-04-24

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1188 [GMT -7:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\hp\support\hpsysdrv.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Hewlett-Packard\KBD\kbd.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [JollyBear] rundll32.exe "c:\users\emily\appdata\local\microsoft\jollybear\ihkpbqo.dll",DllRegisterServer

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"

mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"

mRun: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab

TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

TCP: Interfaces\{611D4670-149B-4053-9713-D1F4F7A58D99} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

AppInit_DLLs: avgrsstx.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-8 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-8 29712]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-8 243152]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 136176]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-9 136176]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-04-22 23:06:02 123904 ----a-w- c:\programdata\microsoft\windows\drm\CF22.tmp

2012-04-16 22:30:44 111616 ----a-w- c:\programdata\microsoft\windows\drm\92AE.tmp

2012-04-16 07:13:38 110592 ----a-w- c:\programdata\microsoft\windows\drm\2AC2.tmp

2012-04-12 14:52:26 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 14:52:26 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 14:52:26 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 14:52:26 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 14:52:19 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-12 14:52:19 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 03:51:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-04-06 06:03:37 117248 ----a-w- c:\programdata\microsoft\windows\drm\C245.tmp

2012-04-05 08:07:54 117248 ----a-w- c:\programdata\microsoft\windows\drm\7850.tmp

2012-04-03 06:41:00 118272 ----a-w- c:\programdata\microsoft\windows\drm\D118.tmp

2012-03-28 14:32:56 158720 ----a-w- c:\programdata\microsoft\windows\drm\8004.tmp

2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 23:37:18 8673792 ----a-w- c:\programdata\atscie.msi

.

============= FINISH: 15:29:22.86 ===============

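One entry in the DDS log above stands out when read with a helper's eye: a per-user Run value that starts rundll32.exe on a DLL under the user's own AppData\Local folder and calls its DllRegisterServer export at every logon. As an added example (not part of this thread and not code from the DDS, RSIT or HijackThis tools), the Python script below parses the "uRun:/mRun:" lines DDS prints and the "O4 - HK..\..\Run:" lines HijackThis prints, and applies two defensive heuristics of my own: the image lives in a user-writable profile directory, and rundll32 is invoking DllRegisterServer at logon. The sample lines are copied from the logs in this thread; the heuristics are the example's assumption about what merits a closer look, not a verdict the thread states.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: autorun lines copied from the DDS and RSIT/HijackThis
# logs posted in this thread (four benign vendor entries and the JollyBear entry).
SAMPLE_LINES = [
    r'uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun',
    r'uRun: [JollyBear] rundll32.exe "c:\users\emily\appdata\local\microsoft\jollybear\ihkpbqo.dll",DllRegisterServer',
    r'mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup',
    r'O4 - HKCU\..\Run: [JollyBear] rundll32.exe "C:\Users\Emily\AppData\Local\Microsoft\JollyBear\ihkpbqo.dll",DllRegisterServer',
    r'O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe',
    r"O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')",
]

# DDS "uRun:/mRun:" and HijackThis "O4 - <hive>\..\Run:" lines share a
# "[name] command" tail; the prefix tells us which hive the value lives in.
ENTRY_RE = re.compile(
    r'^(?:(?P<dds>[um])Run:|O4 - (?P<hive>HK[^\[]*?)\\\.\.\\Run:)\s*'
    r'\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$',
    re.IGNORECASE,
)
# rundll32 <dll>,<export>: the DLL, not rundll32 itself, is the code that runs.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
# Image path of an ordinary command: optional opening quote, then everything up
# to the first executable extension (copes with unquoted paths containing spaces).
IMAGE_RE = re.compile(r'^"?(?P<img>[^"]*?\.(?:exe|dll|com|scr|bat|cmd|pif))\b', re.IGNORECASE)
# Per-user profile locations that any process running as that user can write to.
USER_WRITABLE = re.compile(
    r'\\(?:users|documents and settings)\\[^\\]+\\(?:appdata|local settings)\\',
    re.IGNORECASE,
)


@dataclass
class Finding:
    name: str                       # value name shown in [brackets]
    scope: str                      # HKCU, HKLM or HKUS\<sid>
    image: str                      # executable or DLL that actually gets loaded
    export: Optional[str] = None    # rundll32 export, if any
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Finding]:
    """Parse one uRun/mRun/O4 line; return None for any other log line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    if m.group('dds'):
        scope = 'HKCU' if m.group('dds').lower() == 'u' else 'HKLM'
    else:
        scope = m.group('hive')
    cmd = m.group('cmd').strip()
    r = RUNDLL_RE.match(cmd)
    if r:
        return Finding(m.group('name'), scope, r.group('dll'), r.group('export'))
    i = IMAGE_RE.match(cmd)
    image = i.group('img') if i else (cmd.split()[0] if cmd else '')
    return Finding(m.group('name'), scope, image)


def assess(f: Finding) -> Finding:
    """Attach review reasons (heuristics assumed by this example, not rules from the thread)."""
    if USER_WRITABLE.search(f.image):
        f.reasons.append('image lives in a user-writable profile directory')
    if f.export and f.export.lower() == 'dllregisterserver':
        f.reasons.append('rundll32 calls DllRegisterServer at every logon')
    return f


def analyze(lines: List[str]) -> List[Finding]:
    """Return only the autorun entries that triggered at least one heuristic."""
    flagged = []
    for line in lines:
        f = parse_entry(line)
        if f and assess(f).reasons:
            flagged.append(f)
    return flagged


if __name__ == '__main__':
    for f in analyze(SAMPLE_LINES):
        print(f'{f.scope} [{f.name}] {f.image}')
        for reason in f.reasons:
            print('    - ' + reason)
```

Run against the sample lines, only the two JollyBear entries (the same value seen by DDS and by HijackThis) are reported, each with both reasons; the vendor entries under Program Files and system32 pass untouched. Parsing the image path separately from the rundll32 wrapper matters: filtering on "rundll32.exe" alone would also flag the legitimate NVIDIA entries, whereas the location of the DLL is what distinguishes them.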

MBAM detected nothing. We need to dig some more. I'm going to have you run some other tools & reports.

Since this is Vista, keep in mind that in most cases, you will have to RIGHT-click on the tool and select Run as Administrator.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by Right-Click on it and select Run as Administrator.

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Temporarily disable your AVG so that it does not interfere.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.


From RSIT log.txt:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Emily at 2012-04-24 16:25:12

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 121 GB (41%) free of 293 GB

Total RAM: 2942 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:25:28 PM, on 4/24/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\KBD\kbd.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Emily\Desktop\RSIT.exe

C:\Program Files\trend micro\Emily.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://movies.netflix.com/WiHome?movieid=70140643

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [updateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [updatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [JollyBear] rundll32.exe "C:\Users\Emily\AppData\Local\Microsoft\JollyBear\ihkpbqo.dll",DllRegisterServer

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9631 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-24 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-16 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]

Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-16 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]

"KBD"=C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE [2008-07-21 12288]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-26 13539872]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-26 92704]

"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]

"UpdateP2GoShortCut"=c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]

"UpdatePDIRShortCut"=c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]

"UpdatePSTShortCut"=c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2008-09-11 210216]

"TSMAgent"=c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-10-17 1152296]

"CLMLServer for HP TouchSmart"=c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-10-17 189736]

"DVDAgent"=c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2008-09-26 1148200]

"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2008-09-23 912688]

"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2012-01-26 2077536]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2012-04-04 981680]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-07-05 421888]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-01-16 421736]

"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]

"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-12-14 467240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-10-17 972080]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-11-09 39408]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-11-02 8704]

"JollyBear"=C:\Users\Emily\AppData\Local\Microsoft\JollyBear\ihkpbqo.dll [2012-04-23 409600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"msacm.l3codecp"=l3codecp.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-04-24 16:25:12 ----D---- C:\rsit

2012-04-24 16:25:12 ----D---- C:\Program Files\trend micro

2012-04-24 16:20:29 ----D---- C:\Windows\ERDNT

2012-04-24 16:19:26 ----D---- C:\Program Files\ERUNT

2012-04-14 19:31:43 ----SHD---- C:\Config.Msi

2012-04-12 07:54:53 ----A---- C:\Windows\system32\mshtmled.dll

2012-04-12 07:54:53 ----A---- C:\Windows\system32\iertutil.dll

2012-04-12 07:54:52 ----A---- C:\Windows\system32\wininet.dll

2012-04-12 07:54:52 ----A---- C:\Windows\system32\jscript9.dll

2012-04-12 07:54:52 ----A---- C:\Windows\system32\jscript.dll

2012-04-12 07:54:51 ----A---- C:\Windows\system32\urlmon.dll

2012-04-12 07:54:51 ----A---- C:\Windows\system32\url.dll

2012-04-12 07:54:51 ----A---- C:\Windows\system32\jsproxy.dll

2012-04-12 07:54:51 ----A---- C:\Windows\system32\ieui.dll

2012-04-12 07:54:49 ----A---- C:\Windows\system32\ieframe.dll

2012-04-12 07:54:48 ----A---- C:\Windows\system32\mshtml.dll

2012-04-12 07:52:26 ----A---- C:\Windows\system32\wmi.dll

2012-04-12 07:52:26 ----A---- C:\Windows\system32\wintrust.dll

2012-04-12 07:52:26 ----A---- C:\Windows\system32\imagehlp.dll

2012-04-12 07:52:26 ----A---- C:\Windows\system32\drivers\fs_rec.sys

2012-04-12 07:52:19 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-04-12 07:52:19 ----A---- C:\Windows\system32\ntkrnlpa.exe

======List of files/folders modified in the last 1 month======

2012-04-24 16:25:25 ----D---- C:\Windows\Prefetch

2012-04-24 16:25:12 ----RD---- C:\Program Files

2012-04-24 16:25:10 ----D---- C:\Windows\Temp

2012-04-24 16:20:29 ----D---- C:\Windows

2012-04-24 15:27:54 ----D---- C:\Windows\system32\drivers

2012-04-24 08:02:48 ----D---- C:\Windows\system32\drivers\Avg

2012-04-21 19:00:27 ----D---- C:\Windows\Help

2012-04-16 00:08:08 ----SHD---- C:\System Volume Information

2012-04-15 14:17:05 ----D---- C:\Windows\system32\catroot2

2012-04-14 19:32:33 ----SHD---- C:\Windows\Installer

2012-04-12 22:16:27 ----D---- C:\Users\Emily\AppData\Roaming\Audacity

2012-04-12 19:31:15 ----D---- C:\Windows\System32

2012-04-12 19:31:15 ----D---- C:\Windows\inf

2012-04-12 19:31:15 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-04-12 08:23:15 ----D---- C:\Windows\winsxs

2012-04-12 08:10:19 ----D---- C:\Windows\system32\migration

2012-04-12 08:10:19 ----D---- C:\Program Files\Internet Explorer

2012-04-12 08:01:34 ----RSD---- C:\Windows\assembly

2012-04-12 08:01:34 ----D---- C:\Windows\Microsoft.NET

2012-04-12 07:55:03 ----D---- C:\Windows\system32\catroot

2012-04-12 07:45:21 ----A---- C:\Windows\system32\mrt.exe

2012-04-12 07:44:49 ----D---- C:\Program Files\Windows Mail

2012-04-12 07:38:54 ----D---- C:\Windows\ServiceProfiles

2012-04-10 23:55:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-04-02 19:57:16 ----D---- C:\Windows\twain_32

2012-03-30 22:49:32 ----HD---- C:\Windows\msdownld.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2008-07-21 145952]

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2011-09-13 29712]

R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2011-05-05 243152]

R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-12-12 24880]

R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-12-12 26416]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-09-04 8704]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-09-10 980992]

R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-09-10 266752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-09-24 2171672]

R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-26 7478496]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-09-10 661504]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]

S3 mbr;mbr; \??\C:\Users\Emily\AppData\Local\Temp\mbr.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]

S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]

S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]

S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]

S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-05-10 42496]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2008-07-21 133152]

S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2008-05-22 15360]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728]

R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-26 118784]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-09-04 403968]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-09 136176]

S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-09-30 246520]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-09 136176]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-09 182768]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------


From RSIT info.txt:

info.txt logfile of random's system information tool 1.09 2012-04-24 16:25:30

======Uninstall list======

-->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\Big City Adventures San Francisco\Uninstall.exe"

-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"

-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"

-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"

-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"

-->"C:\Program Files\HP Games\Dream Chronicles 2\Uninstall.exe"

-->"C:\Program Files\HP Games\Family Feud 3\Uninstall.exe"

-->"C:\Program Files\HP Games\FATE\Uninstall.exe"

-->"C:\Program Files\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"

-->"C:\Program Files\HP Games\JoJo's Fashion Show\Uninstall.exe"

-->"C:\Program Files\HP Games\Luxor 3\Uninstall.exe"

-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"

-->"C:\Program Files\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"

-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"

-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"

-->"C:\Program Files\HP Games\Poker Superstars III\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"

-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"

-->"C:\Program Files\HP Games\The Hidden Object Game Show\Uninstall.exe"

-->"C:\Program Files\HP Games\The Price is Right\Uninstall.exe"

-->"C:\Program Files\HP Games\Tradewinds Legends\Uninstall.exe"

-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"

-->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"

-->"C:\Program Files\HP Games\Wedding Dash\Uninstall.exe"

-->"C:\Program Files\HP Games\Wheel of Fortune 2\Uninstall.exe"

-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"

ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex

Adobe Reader 9.5.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}

Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}

Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}

Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}

Audacity 1.3.12 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"

AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL

Bing Bar-->MsiExec.exe /X{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}

Bing Rewards Client Installer-->MsiExec.exe /X{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}

Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

Celtx (2.5)-->C:\Program Files\Celtx\uninstall\helper.exe

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall

CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall

Enhanced Multimedia Keyboard Solution-->C:\Program Files\Hewlett-Packard\KBD\Install.exe /u

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

GIMP 2.6.9-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor for Windows\uninst.exe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64B9E2F5-558E-4C56-B419-A1679518F6E7}\setup.exe" -l0x9 -removeonly

HP Demo-->MsiExec.exe /X{A2016015-8323-4AF8-8B3E-F56239D7D59D}

HP Games-->"C:\Program Files\HP Games\Uninstall.exe"

HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall

HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall

HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall

HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS

HP MediaSmart SmartMenu-->MsiExec.exe /I{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}

HP Picasso Media Center Add-In-->MsiExec.exe /X{03BF5CB1-B72E-4CA6-A278-F65680F05420}

HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}

HP Total Care Advisor-->MsiExec.exe /X{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}

HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38058455-8C21-4C2F-B2F6-14ED166039CB}\setup.exe" -l0x9 -removeonly

HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}

HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

iTunes-->MsiExec.exe /I{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}

Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Juno Preloader-->MsiExec.exe /X{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}

LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall

LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall

LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"

LightScribe System Software 1.14.25.1-->MsiExec.exe /X{DA9DAC64-C947-47BA-B411-8A1959B177CF}

LightScribe Template Labeler-->MsiExec.exe /X{5BD0CB24-11AF-4BA8-A198-38D25257C656}

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

muvee Reveal-->MsiExec.exe /X{19506BDB-4EA7-491F-E8AB-E97109FDB296}

Network Magic-->C:\ProgramData\Pure Networks\Setup\nmsetup.exe /uninstall

NetZero Preloader-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}

Norton Internet Security-->MsiExec.exe /I{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

Pizza Chef-->"C:\Program Files\HP Games\Pizza Chef\Uninstall.exe"

Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall

Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall

PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall

Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}

QuickTime-->MsiExec.exe /I{C9E14402-3631-4182-B377-6B0DFB1C0339}

Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client

Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF

SPORE Creature Creator Trial Edition-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client

VoiceOver Kit-->MsiExec.exe /I{7C5B4583-7CBF-4289-B195-03B553959DEA}

WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}

Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

=====Application event log=====

Computer Name: BerryKids-PC

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 69463

Source Name: Bonjour Service

Time Written: 20110312171544.000000-000

Event Type: Error

User:

Computer Name: BerryKids-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledSPRetry 3120

Record Number: 69462

Source Name: Bonjour Service

Time Written: 20110312171543.000000-000

Event Type: Error

User:

Computer Name: BerryKids-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 3120

Record Number: 69461

Source Name: Bonjour Service

Time Written: 20110312171543.000000-000

Event Type: Error

User:

Computer Name: BerryKids-PC

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 69460

Source Name: Bonjour Service

Time Written: 20110312171543.000000-000

Event Type: Error

User:

Computer Name: BerryKids-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledSPRetry 2059

Record Number: 69459

Source Name: Bonjour Service

Time Written: 20110312171542.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: BerryKids-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: BERRYKIDS-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x2e8

Process Name: C:\Windows\System32\services.exe

Network Information:

Network Address: -

Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 62539

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110627033308.754205-000

Event Type: Audit Success

User:

Computer Name: BerryKids-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x20596

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V1

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 62538

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110627033259.544199-000

Event Type: Audit Success

User:

Computer Name: BerryKids-PC

Event Code: 5024

Message: The Windows Firewall Service has started successfully.

Record Number: 62537

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110627033259.091796-000

Event Type: Audit Success

User:

Computer Name: BerryKids-PC

Event Code: 5033

Message: The Windows Firewall Driver has started successfully.

Record Number: 62536

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110627033258.654993-000

Event Type: Audit Success

User:

Computer Name: BerryKids-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 62535

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110627033258.233790-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=6b02

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"OnlineServices"=Online Services

"Platform"=HPD

"PCBRAND"=Pavilion

"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

"asl.log"=Destination=file;OnFirstLog=command,environment,parent

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


From Checkup.txt:

Results of screen317's Security Check version 0.99.24

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Free 9.0

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

AVG9 successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 29

Java 6 Update 7

Out of date Java installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````


Log from Bitdefender:

QuickScan 32-bit v0.9.9.114

---------------------------

Scan date: Tue Apr 24 16:46:02 2012

Machine ID: BCCCC4AC

No infection found.

-------------------

Processes

---------

hpwuSchd Application 4068 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

AVG Internet Security 640 C:\Program Files\AVG\AVG9\avgchsvx.exe

AVG Internet Security 832 C:\Program Files\AVG\AVG9\avgcsrvx.exe

AVG Internet Security 3212 C:\Program Files\AVG\AVG9\avgcsrvx.exe

AVG Internet Security 2944 C:\Program Files\AVG\AVG9\avgemc.exe

AVG Internet Security 2992 C:\Program Files\AVG\AVG9\avgnsx.exe

AVG Internet Security 648 C:\Program Files\AVG\AVG9\avgrsx.exe

AVG Internet Security 4080 C:\Program Files\AVG\AVG9\avgtray.exe

AVG Internet Security 2196 C:\Program Files\AVG\AVG9\avgwdsvc.exe

Bing Bar 2464 C:\Program Files\Microsoft\BingBar\SeaPort.EXE

Bonjour 2220 C:\Program Files\Bonjour\mDNSResponder.exe

CyberLink MediaLibray Service 4024 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

CyberLink PowerCinema 3996 C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

Hewlett-Packard Company KBD EXE 6024 C:\Program Files\Hewlett-Packard\KBD\kbd.exe

HP DVDSmart 4040 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

HP Health Check Service 5880 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

HP MediaSmart 4048 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

hpsysdrv Application 3828 C:\hp\support\hpsysdrv.exe

iTunes 2320 C:\Program Files\iPod\bin\iPodService.exe

iTunes 2148 C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 2020 C:\Program Files\Common Files\Java\Java Update\jusched.exe

LightScribe 2264 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

Microsoft® Windows® Operating System 2592 C:\Program Files\Windows Sidebar\sidebar.exe

Microsoft® Windows® Operating System 784 C:\Windows\explorer.exe

Microsoft® Windows® Operating System 568 C:\Windows\System32\csrss.exe

Microsoft® Windows® Operating System 628 C:\Windows\System32\csrss.exe

Microsoft® Windows® Operating System 724 C:\Windows\System32\lsass.exe

Microsoft® Windows® Operating System 3852 C:\Windows\System32\rundll32.exe

Microsoft® Windows® Operating System 1672 C:\Windows\System32\rundll32.exe

Microsoft® Windows® Operating System 3228 C:\Windows\System32\rundll32.exe

Microsoft® Windows® Operating System 712 C:\Windows\System32\services.exe

Microsoft® Windows® Operating System 1516 C:\Windows\System32\SLsvc.exe

Microsoft® Windows® Operating System 472 C:\Windows\System32\smss.exe

Microsoft® Windows® Operating System 1924 C:\Windows\System32\spoolsv.exe

Microsoft® Windows® Operating System 1836 C:\Windows\System32\taskeng.exe

Microsoft® Windows® Operating System 880 C:\Windows\System32\taskeng.exe

Microsoft® Windows® Operating System 620 C:\Windows\System32\wininit.exe

Microsoft® Windows® Operating System 812 C:\Windows\System32\winlogon.exe

Microsoft® Windows® Operating System 2840 C:\Windows\System32\WUDFHost.exe

MobileDeviceService 2160 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

NVIDIA Driver Helper Service, Version 1 1144 C:\Windows\System32\nvvsvc.exe

Pure Networks Platform 2440 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

Pure Networks Platform 2740 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

SoftK56 Modem Driver 2700 C:\Windows\System32\drivers\XAudio.exe

Windows® Internet Explorer 2260 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Internet Explorer 6132 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Search 4232 C:\Windows\System32\SearchFilterHost.exe

Windows® Search 3352 C:\Windows\System32\SearchProtocolHost.exe

Windows® Search 5012 C:\Windows\System32\SearchProtocolHost.exe

(verified) Microsoft® .NET Framework 4336 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(verified) Microsoft® Windows® Operating System 3152 C:\Windows\ehome\ehmsas.exe

(verified) Microsoft® Windows® Operating System 3040 C:\Windows\ehome\ehtray.exe

(verified) Microsoft® Windows® Operating System 324 C:\Windows\System32\dwm.exe

(verified) Microsoft® Windows® Operating System 732 C:\Windows\System32\lsm.exe

(verified) Microsoft® Windows® Operating System 2452 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2500 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2572 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1948 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1704 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1364 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1340 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1308 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1172 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1560 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1092 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 4480 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1496 C:\Windows\System32\svchost.exe

(verified) Windows® Search 2600 C:\Windows\System32\SearchIndexer.exe

Network activity

----------------

Process wininit.exe (620) listens on ports: 49152 (RPC)

Process services.exe (712) listens on ports: 49158 (RPC)

Process lsass.exe (724) listens on ports: 49155 (RPC)

Process svchost.exe (1172) listens on ports: 135 (RPC)

Process svchost.exe (1308) listens on ports: 49153 (RPC)

Process svchost.exe (1364) listens on ports: 49154 (RPC)

Process nmsrvc.exe (2740) listens on ports: 1196

Autoruns and critical files

---------------------------

hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

ASUS Filter Effect Dynamic Link Library C:\Users\Emily\AppData\Local\Microsoft\JollyBear\ihkpbqo.dll

AVG Internet Security C:\Program Files\AVG\AVG9\avgtray.exe

AVG Internet Security C:\Windows\system32\avgrsstx.dll

CyberLink MediaLibray Service C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

CyberLink PowerCinema C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

HP DVDSmart C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

HP Health Check Scheduler c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HP MediaSmart C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

HP Total Care Advisor C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

hpsysdrv Application C:\hp\support\hpsysdrv.exe

Internet Explorer C:\Program Files\Internet Explorer

iTunes C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

Kbd Stub C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE

Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe

Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

Microsoft® Windows® Operating System C:\Windows\system32\logon.scr

Network Magic C:\Program Files\Pure Networks\Network Magic\nmapp.exe

NVIDIA Compatible Windows Vista Display C:\Windows\system32\NvCpl.dll

NVIDIA Media Center Library C:\Windows\system32\NvMcTray.dll

Pure Networks Platform C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

QuickTime C:\Program Files\QuickTime\QTTask.exe

StartMen Application c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe

StartMen Application c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

StartMen Application c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

Windows® Internet Explorer c:\windows\system32\webcheck.dll

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) Windows Defender C:\Program Files\Windows Defender\MSASCui.exe

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

AVG Internet Security C:\Program Files\AVG\AVG9\avgssie.dll

Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll

Google Update C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

Java Platform SE 6 U29 C:\Program Files\Java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

MSN Photo Upload Control C:\Windows\Downloaded Program Files\PURen-us.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

Unity Player C:\Users\Emily\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

Windows Live Photo Upload Control C:\Windows\Downloaded Program Files\MsnPUpld.dll

Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\Windows\System32\ieframe.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

Missing files

-------------

File not found: "c:\program files\microsoft\bingbar\bingext.dll"

--> HKLM\Software\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\InprocServer32\"(default)"

--> HKLM\Software\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\InprocServer32\"(default)"

Scan

----


MD5: 0c84b6affa7486422235584110d7176f c:\windows\system32\ICAAPI.dll

MD5: ee9d715af1b928982f417238b9914484 C:\Windows\system32\ieapfltr.dll

MD5: b23137887833d849edb4f03ed8124e71 C:\Windows\System32\ieframe.dll

MD5: 1341915d4705a3ba68bc49e83024ade0 C:\Windows\system32\iertutil.dll

MD5: cf316fa04d6bd6168223a0e029c6c874 C:\Windows\system32\IEUI.dll

MD5: eb49faa5ebbc06356fb12476438781b9 C:\Windows\system32\imagehlp.dll

MD5: 328e900311d5c31f399730c7ccc8883a C:\Windows\System32\jscript9.dll

MD5: 574b473facaa0e91702b86578440b525 C:\Windows\system32\kernel32.dll

MD5: 953193a9dea40348c1086d171f6440ae C:\Windows\system32\kmddsp.tsp

MD5: ca0b849566776a17f35f0339be17dfd9 c:\windows\system32\ktmw32.dll

MD5: 35d40113e4a5b961b6ce5c5857702518 c:\windows\system32\lmhsvc.dll

MD5: b17d18fd6594aaa25cbc95e799b1bf40 C:\Windows\system32\logon.scr

MD5: 178fac2b7c66e9a4400ce7ac37623e3f C:\Windows\system32\LSASRV.dll

MD5: a3e186b4b935905b829219502557314e C:\Windows\System32\lsass.exe

MD5: 67c04ffc699b37e1b15d702d723348bb C:\Windows\system32\Macromed\Flash\Flash10p.ocx

MD5: a1793136ed32c13adb3740a6557b3d84 C:\Windows\system32\MFC71U.DLL

MD5: bf142d4f8c61ed3629a9cdd7ba867900 C:\Windows\system32\MFPlat.DLL

MD5: b4f5de3dad8e6b97272f45db97674878 C:\Windows\System32\mgmtapi.dll

MD5: 2e837f3d406224df131c34bc8f71621e C:\Windows\system32\modemui.dll

MD5: 56e315acfb08a177b4d01e42b9044db5 C:\Windows\System32\MPRAPI.dll

MD5: 7940c04ce581288a3498d57ec4ee47d2 C:\Windows\System32\msfeeds.dll

MD5: f82bf2cb075b49e9fab5ff213c45c020 C:\Windows\system32\MSHTML.dll

MD5: aab5feaabf4cb6f76d794203831c8d94 C:\Windows\system32\Msidle.dll

MD5: 5e41139ec6efbcaffd96d46925e544ab c:\windows\system32\mspatcha.dll

MD5: abe9eea1eabea0711610a637a7b1c25d C:\Windows\system32\msprivs.dll

MD5: ff41e1ac301f51e16f61ad7c0f45467c C:\Windows\System32\msshsq.dll

MD5: b1c5adf56c4d47833d32d06a02d4e184 C:\Windows\system32\MSVCP71.dll

MD5: fefc51a19141a9a911b1e161a6662ced C:\Windows\system32\MSVCR71.dll

MD5: 17af64d727545f2804f6e6d998327e3f C:\Windows\system32\msvcrt.dll

MD5: 2fa16465f64db54b1f7f511395eb4fd7 C:\Windows\system32\NCObjAPI.DLL

MD5: f4d9ed6bd74ad7cc0bec83c43a1cb76b c:\windows\system32\ncsi.dll

MD5: 2f6776acefe41ee889c464ea407918f2 C:\Windows\system32\ndptsp.tsp

MD5: 6bc5fcef351e4cb5a269c1e84b5a06da C:\Windows\system32\netcfgx.dll

MD5: 95daecf0fb120a7b5da679cc54e37dde C:\Windows\system32\netlogon.dll

MD5: 4bf053944e973c073339be841c9ecf28 C:\Windows\System32\NETRAP.dll

MD5: 8bb86f0c7eea2bded6fe095d0b4ca9bd c:\windows\system32\nsisvc.dll

MD5: dda770bbd7c2ed024d6f50e279d90e5b C:\Windows\system32\ntdll.dll

MD5: 08db9ef635114b8070d968bb7ff63b5e C:\Windows\system32\nvapi.dll

MD5: 356e0cc1eaa7beb8b6cad5c44cb6b548 C:\Windows\system32\NvCpl.dll

MD5: 7f702ae8b496310b529a51ff82d7afe4 C:\Windows\system32\nvd3dum.dll

MD5: 1b9f5c3c4675809cca1e8414c6985a76 C:\Windows\system32\NvMcTray.dll

MD5: ae0b37c6142a44f6232a06fff1e5752f C:\Windows\system32\NVSVC.DLL

MD5: 4d6cb78d8883d3ddab56d82a2c6d817d C:\Windows\System32\nvvsvc.exe

MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\system32\ole32.dll

MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll

MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\system32\OLEAUT32.dll

MD5: f0062778f50838145ac46b384ffb4fa3 C:\Windows\system32\pcadm.dll

MD5: b2b117bd8d1ea80536cdd91797ef4a0a C:\Windows\System32\portabledeviceclassextension.dll

MD5: b288ff7c1987a736726e87c79148c360 C:\Windows\system32\PortableDeviceWiaCompat.dll

MD5: e340845c8e96d107c36420065d7a5733 C:\Windows\system32\printcom.dll

MD5: 08f9134a2215b7ed985409a4df60ac60 C:\Windows\system32\psbase.dll

MD5: 6d01259214d1e815613eca3cd81679ec C:\Windows\system32\pstorsvc.dll

MD5: 801f1e963f7eeffda3f9ef89db3ef133 C:\Windows\system32\radardt.dll

MD5: 2dd6af8e97f59c9d39329bbc2a81f13f C:\Windows\System32\RASDLG.dll

MD5: 88225070dd2f7b0b2ed51e7935078641 C:\Windows\system32\RASQEC.DLL

MD5: b9f3ff52b84fd9e3cafb29b8ee385e5b C:\Windows\system32\RESUTILS.DLL

MD5: 4b555106290bd117334e9a08761c035a C:\Windows\System32\rundll32.exe

MD5: da61f5c012a646771587a8cb9c0ae590 C:\Windows\system32\schannel.dll

MD5: 1a58069db21d05eb2ab58ee5753ebe8d c:\windows\system32\schedsvc.dll

MD5: d602fedbd9155fc2ded6863fb60c950f C:\Windows\system32\Secur32.dll

MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\system32\SHDOCVW.dll

MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\system32\SHELL32.dll

MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\system32\SHLWAPI.dll

MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\system32\SHSVCS.dll

MD5: 8554097e5136c3bf9f69fe578a1b35f4 C:\Windows\System32\spoolsv.exe

MD5: bf7e4d6f60a6d9e866432855c6f8c262 c:\windows\system32\sqmapi.dll

MD5: 1bf5eebfd518dd7298434d8c862f825d c:\windows\system32\srvsvc.dll

MD5: 452341e471d2d961229dfe0842957272 C:\Windows\system32\SSCORE.DLL

MD5: b5950df243837d8217f4e597919b224a C:\Windows\system32\stobject.dll

MD5: 71f5a7104fdf16c0ac5283a6ce666553 C:\Windows\system32\SYSNTFY.dll

MD5: 2a6a2c09ecc2cb495628e45f1379ece8 C:\Windows\system32\taskcomp.dll

MD5: 3d50c4b10352367d5cb20ed1f50f8da2 C:\Windows\System32\taskeng.exe

MD5: 52e129522c1775dbb8cc252e7a0655c7 C:\Windows\system32\taskschd.dll

MD5: 5091452dc719281cf1dd69367e13b494 C:\Windows\System32\tcpmib.dll

MD5: f8873d15018f411588bec02c1725bada C:\Windows\system32\tspkg.dll

MD5: e45051c374f845edf3db02a35ba13193 C:\Windows\system32\umb.dll

MD5: 0b71899e60d1265229bf3d080eab573d C:\Windows\system32\unimdmat.dll

MD5: dfbaadf1b624dc71e88d34d86b3595be C:\Windows\system32\uniplat.dll

MD5: 4c162b2a8e175f46db41b21c77688221 C:\Windows\system32\urlmon.dll

MD5: 0bf0bb276f17b6ad61a8694d2551ec28 C:\Windows\System32\usbmon.dll

MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\system32\USP10.dll

MD5: dc3ae9f1554dcd97f90983ddbdacd83d C:\Windows\system32\vsstrace.dll

MD5: 2c3b09e586bda2cc49a292be7badc589 C:\Windows\system32\wbem\wmiutils.dll

MD5: e7d0f91e44d9d3b2116fa549bdcdb756 c:\windows\system32\WDSCORE.dll

MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll

MD5: 0745d6ead386710110817fbec03f5161 C:\Windows\system32\wfapigp.dll

MD5: 73fe2e5fa55088a241aa2732f5d387d6 C:\Windows\system32\wiarpc.dll

MD5: dbd02e3e6f061ebbbf9b99a9d7cba30b C:\Windows\System32\WINHTTP.dll

MD5: 44465367256d1c72b58f5abaa19e7016 C:\Windows\system32\WININET.dll

MD5: 101ba3ea053480bb5d957ef37c06b5ed C:\Windows\System32\wininit.exe

MD5: 14ff750efe13b0c21e5a06507c3a97b1 C:\Windows\system32\WINMM.dll

MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 c:\windows\system32\WINSPOOL.DRV

MD5: d2293b069e4b63dc17b2f08d45e71124 C:\Windows\system32\winsrv.dll

MD5: e253e5da1249a471d913f7ea4c81faf6 C:\Windows\system32\WINTRUST.dll

MD5: 92283d9e33ec5f41ecc0b430b7459241 C:\Windows\system32\wls0wndh.dll

MD5: 015e99a7634b93e8bb0380c70f3d2cc3 C:\Windows\system32\wmp.dll

MD5: 9441a231c0aa0712f7cf3b10d9cfcf76 C:\Windows\system32\wmploc.dll

MD5: f0321da5203f1e71917f3b7a13dc4912 C:\Windows\system32\WMsgAPI.dll

MD5: a9662bcf218bc76869a8d91635d5f93a C:\Windows\System32\Wpc.dll

MD5: 09c7859269563c240ab2aaab574483dd C:\Windows\System32\WUDFHost.exe

MD5: 399bb52ad0668472717498e97cf28341 c:\windows\system32\WUDFPlatform.dll

MD5: 4b72b5b342ada4de8deea39cce465b58 C:\Windows\system32\WUDFx.dll

MD5: 1908cc7673f72601affdca022689cedf C:\Windows\system32\XmlLite.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL

MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL

MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll

MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll

MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL

MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll

MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\COMCTL32.dll

MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll

No file uploaded.

Scan finished - communication took 3 sec

Total traffic - 0.02 MB sent, 1.36 KB recvd

Scanned 887 files and modules - 48 seconds

==============================================================================


Let's follow-up with these next steps:

Step 1

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    :reg
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JollyBear"=-
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

I'd like for you to upload 1 DLL file for scanning at some anti-virus analysis sites.

Use your browser to go here at Virustotal website

Click the Browse button and then navigate to C:\Users\Emily\AppData\Local\Microsoft\JollyBear\ihkpbqo.dll, then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

==

Use your browser to go here at VirSCAN.org website

Click the Browse button and then navigate to C:\Users\Emily\AppData\Local\Microsoft\JollyBear\ihkpbqo.dll, then click the Submit button.

Save the results, and post back here in a reply.

=

Use your browser to go to Threatexpert

http://www.threatexp...m/filescan.aspx

Click the Browse button and then navigate to C:\Users\Emily\AppData\Local\Microsoft\JollyBear\ihkpbqo.dll,

click the checkbox to checkmark "I agree to be bound by the Terms and Conditions"

then click the Submit button.

Save the results, and post back here in a reply.

Step 3

Please download GooredFix from one of the locations below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Windows 7 & Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Reply back with copy of contents of OTL MovedFiles log

and logs/reports from the sites above,

and the contents of GooredFix.txt

There will be more to do later.

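The fix script in the post above includes [resethosts] because a rewritten hosts file is one common way a browser-redirect infection sends searches somewhere else. As an added example (Python; not part of this thread and not OTL's own code), the block below parses a hosts file and flags every name that maps to something other than a loopback or 0.0.0.0 sinkhole address, which is what a hosts-based redirect looks like. The sample hosts content is constructed, and the default path in audit_hosts_file is assumed to be the standard Windows location.

```python
"""Audit a Windows hosts file for redirect-style entries.

Added example, not from the forum thread or from OTL. Parses the hosts
file format (comments, blank lines, several names per line) and reports
names that resolve to a non-loopback, non-sinkhole address.
"""
import ipaddress
from pathlib import Path

# Constructed sample: the loopback lines are the Windows defaults; the
# last two lines are the kind of entries a redirect hijack adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com
203.0.113.10    malwarebytes.org www.malwarebytes.org   # hijack
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for each mapping, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                          # address with no names
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # malformed address, not usable
        for name in parts[1:]:
            yield ip, name.lower(), line_no


def suspicious_entries(text):
    """Mappings whose target is neither loopback nor 0.0.0.0/:: (sinkhole).

    Ad-blocking hosts lists map names to 0.0.0.0 to block them; those are
    deliberately not reported, since they block rather than redirect.
    """
    return [
        (str(ip), name, line_no)
        for ip, name, line_no in parse_hosts(text)
        if not (ip.is_loopback or ip.is_unspecified)
    ]


def audit_hosts_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Run the audit against a real hosts file (default path is an assumption)."""
    return suspicious_entries(Path(path).read_text(errors="replace"))


if __name__ == "__main__":
    for ip, name, line_no in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

Run it before and after a hosts reset: a clean file reports nothing, while a hijacked one lists each redirected name with the line it came from, so the same names can be checked again once the machine is cleaned.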

OTL stopped responding. Gave the error that the program was not responding and cancelled. Now my comp screen just shows only the background pic and no icons. How shall I proceed?

Very scared to shut down/restart my comp or do anything to it... so I just have it on with the background pic showing.

Link to post
Share on other sites

Meant I still have my comp on but it is only showing the background pic with no icons


Please gather up your courage and please do not panic. If the system is frozen or you do not have a usable Windows desktop, just power OFF your computer and wait about a minute, and then power up the pc.

Let it boot normally into Windows.

Your antivirus program may have interfered with the run of OTL. Please turn OFF your antivirus program.

See this guide on how to do that How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Step 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 2

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    :reg
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JollyBear"=-
    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3

I'd like for you to upload 1 DLL file for scanning at some anti-virus analysis sites.

Use your browser to go here at Virustotal website

Click the Browse button and then navigate to C:\Users\Emily\AppData\Local\Microsoft\JollyBear\ihkpbqo.dll, then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

==

Use your browser to go here at VirSCAN.org website

Click the Browse button and then navigate to C:\Users\Emily\AppData\Local\Microsoft\JollyBear\ihkpbqo.dll, then click the Submit button.

Save the results, and post back here in a reply.

=

Use your browser to go to Threatexpert

http://www.threatexp...m/filescan.aspx

Click the Browse button and then navigate to C:\Users\Emily\AppData\Local\Microsoft\JollyBear\ihkpbqo.dll,

click the checkbox to checkmark "I agree to be bound by the Terms and Conditions"

then click the Submit button.

Save the results, and post back here in a reply.

Step 4

Please download GooredFix from one of the locations below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Windows 7 & Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Reply back with copy of contents of OTL MovedFiles log

and logs/reports from the sites above,

and the contents of GooredFix.txt

There will be more to do later.


From OTL MovedFiles log:

========== PROCESSES ==========

All processes killed

========== FILES ==========

recycler not found in C:\

recycler not found in D:\

recycler not found in E:\

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JollyBear not found.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: BerryKids

->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Emily

->Flash cache emptied: 0 bytes

User: Guest

->Flash cache emptied: 0 bytes

User: Madhuri

User: Public

User: Shelley

->Flash cache emptied: 93590 bytes


From VirusTotal website;

SHA256: 58ab4e88ad027ac28747ad2e621d0ce359cf9d4fc335fcb78f0c8cf330f955e6
SHA1: adbb1a60c8e6a7e0170a0cbefa854666d6dc63d2
MD5: 34f8ecb55579bbbced8b39f0e448700c
File size: 400.0 KB ( 409600 bytes )
File name: 34f8ecb55579bbbced8b39f0e448700c.exe
File type: Win32 DLL
Detection ratio: 1 / 42
Analysis date: 2012-04-25 11:49:13 UTC ( 4 hours, 23 minutes ago )


Antivirus Result Update
AhnLab-V3 - 20120423
AntiVir - 20120424
Antiy-AVL - 20120423
Avast - 20120423
AVG - 20120423
BitDefender - 20120424
ByteHero - 20120424
CAT-QuickHeal - 20120423
ClamAV - 20120424
Commtouch - 20120424
Comodo - 20120424
DrWeb - 20120424
Emsisoft - 20120424
eSafe - 20120423
eTrust-Vet - 20120423
F-Prot - 20120423
F-Secure - 20120424
Fortinet - 20120424
GData - 20120424
Ikarus - 20120424
Jiangmin - 20120423
K7AntiVirus - 20120420
Kaspersky - 20120424
McAfee Sefnit.ah 20120423
McAfee-GW-Edition - 20120423
Microsoft - 20120424
NOD32 - 20120424
Norman - 20120423
nProtect - 20120424
Panda - 20120423
PCTools - 20120423
Rising - 20120423
Sophos - 20120424
SUPERAntiSpyware - 20120402
Symantec - 20120424
TheHacker - 20120422
TrendMicro - 20120423
TrendMicro-HouseCall - 20120424
VBA32 - 20120422
VIPRE - 20120424
ViRobot - 20120424
VirusBuster - 20120423

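A scanner verdict like the one above applies only if the digests the report prints are those of the file actually sitting on the machine, and a "1 / 42" ratio is easier to reason about once the flattened "Antivirus Result Update" listing is broken back into rows. As an added example (Python; not from this thread and not VirusTotal's own code), the block below computes a file's MD5, SHA-1 and SHA-256, compares them with the digests a report lists, and parses the vendor listing as pasted in the post into per-vendor verdicts. The vendor text and the three digests are copied from the post above; the command-line handling and everything else are constructed.

```python
"""Check a scanner report against the local file, then summarise its verdicts.

Added example, not from the thread and not VirusTotal's code. Computes
MD5/SHA-1/SHA-256 of a sample, compares them with the digests a report
prints, and parses a flattened "Antivirus Result Update" listing.
"""
import hashlib
import re

# Vendor listing as pasted in the post above (VirusTotal, 2012-04-25).
VT_LISTING = (
    "Antivirus Result Update AhnLab-V3 - 20120423 AntiVir - 20120424 "
    "Antiy-AVL - 20120423 Avast - 20120423 AVG - 20120423 BitDefender - 20120424 "
    "ByteHero - 20120424 CAT-QuickHeal - 20120423 ClamAV - 20120424 "
    "Commtouch - 20120424 Comodo - 20120424 DrWeb - 20120424 Emsisoft - 20120424 "
    "eSafe - 20120423 eTrust-Vet - 20120423 F-Prot - 20120423 F-Secure - 20120424 "
    "Fortinet - 20120424 GData - 20120424 Ikarus - 20120424 Jiangmin - 20120423 "
    "K7AntiVirus - 20120420 Kaspersky - 20120424 McAfee Sefnit.ah 20120423 "
    "McAfee-GW-Edition - 20120423 Microsoft - 20120424 NOD32 - 20120424 "
    "Norman - 20120423 nProtect - 20120424 Panda - 20120423 PCTools - 20120423 "
    "Rising - 20120423 Sophos - 20120424 SUPERAntiSpyware - 20120402 "
    "Symantec - 20120424 TheHacker - 20120422 TrendMicro - 20120423 "
    "TrendMicro-HouseCall - 20120424 VBA32 - 20120422 VIPRE - 20120424 "
    "ViRobot - 20120424 VirusBuster - 20120423"
)

# Digests the same report printed for the submitted sample (copied from the post).
REPORTED = {
    "sha256": "58ab4e88ad027ac28747ad2e621d0ce359cf9d4fc335fcb78f0c8cf330f955e6",
    "sha1": "adbb1a60c8e6a7e0170a0cbefa854666d6dc63d2",
    "md5": "34f8ecb55579bbbced8b39f0e448700c",
}

ALGOS = ("md5", "sha1", "sha256")


def digests_of_bytes(data):
    """Hex digests of an in-memory blob (small files, tests)."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digests_of_file(path, chunk_size=1 << 20):
    """Hex digests of a file, streamed so a large sample is not read into RAM."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digests_match(local, reported):
    """True only if every digest the report lists agrees with the local file.

    A mismatch means the verdict belongs to a different file (for example a
    sample that changed on disk after upload), so it should not be acted on.
    """
    return all(local.get(a, "").lower() == d.lower() for a, d in reported.items())


# One row is: vendor token, result token ("-" means no detection), yyyymmdd.
_ROW = re.compile(r"(\S+)\s+(\S+)\s+(\d{8})")


def parse_vendor_listing(text):
    """Split the flattened listing into (vendor, result_or_None, update_date)."""
    header = "Antivirus Result Update"
    body = text[len(header):] if text.startswith(header) else text
    return [(v, None if r == "-" else r, d) for v, r, d in _ROW.findall(body)]


def summarise(rows):
    """Detection count, vendor total, and which vendors flagged the sample."""
    hits = [(v, r) for v, r, _ in rows if r is not None]
    return {"detected": len(hits), "total": len(rows), "hits": hits}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # usage: python this_script.py <path-to-sample>
        local = digests_of_file(sys.argv[1])
        print("hashes match the report:", digests_match(local, REPORTED))
    s = summarise(parse_vendor_listing(VT_LISTING))
    print(f"{s['detected']}/{s['total']} vendors flagged it: {s['hits']}")
```

The ratio alone hides which engines fired; the summary keeps the vendor and family name so a single hit (here McAfee's Sefnit.ah) can be weighed against the engines that stayed silent, and the digest check guards against reading a verdict for a file that is not the one on disk.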

From VirSCAN.org:

File Name : ihkpbqo.dll
File Size : 409600 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 34f8ecb55579bbbced8b39f0e448700c
SHA1 : adbb1a60c8e6a7e0170a0cbefa854666d6dc63d2

a-squared 5.1.0.4 20120425192643 2012-04-25 - 0.387
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 - 2.262
AntiVir 8.2.10.24 7.11.25.222 2012-03-22 - 0.214
Antiy 2.0.18 2.0.18. 0002-18-00 - 0.273
Arcavir 2011 201204241400 2012-04-24 - 4.509
Authentium 5.1.1 201204251233 2012-04-25 - 1.615
AVAST! 4.7.4 120425-0 2012-04-25 - 0.257
AVG 12.0.1782 2409/4958 2012-04-25 - 0.399
BitDefender 7.90123.7094456 7.42049 2012-04-25 - 4.060
ClamAV 0.97.3 14842 2012-04-25 - 0.361
Comodo 5.1 12150 2012-04-25 UnclassifiedMalware 2.356
CP Secure 1.3.0.5 2012.04.25 2012-04-25 - 0.424
Dr.Web 7.0.1.2210 2012.04.23 2012-04-23 - 14.821
F-Prot 4.6.2.117 20120425 2012-04-25 - 0.926
F-Secure 7.02.73807 2012.02.07.03 2012-02-07 - 2.323
Fortinet 4.3.392 15.460 2012-04-24 - 0.337
GData 22.4753 20120425 2012-04-25 - 5.530
Ikarus T3.1.32.20.0 2012.04.25.81029 2012-04-25 - 6.573
JiangMin 13.0.900 2012.04.25 2012-04-25 - 2.201
Kaspersky 5.5.10 2012.04.25 2012-04-25 - 0.289
KingSoft 2009.2.5.15 2012.4.25.14 2012-04-25 - 1.032
McAfee 5400.1158 6691 2012-04-24 Sefnit.ah 8.466
Microsoft 1.8304 2012.04.25 2012-04-25 - 4.696
NOD32 3.0.21 7063 2012-04-17 - 0.164
nProtect 20120424.01 11170404 2012-04-24 - 3.336
Panda 9.05.01 2012.04.25 2012-04-25 - 2.465
Quick Heal 11.00 2012.04.25 2012-04-25 - 1.627
Rising 20.0 24.07.02.01 2012-04-25 - 2.833
Sophos 3.30.0 4.76 2012-04-25 - 5.488
Sunbelt 3.9.2535.2 11837 2012-04-25 - 1.467
Symantec 1.3.0.24 20120423.002 2012-04-23 - 0.164
The Hacker 6.7.0.1 v00451 2012-04-24 - 0.806
Trend Micro 9.500-1005 8.938.04 2012-04-25 - 0.247
VBA32 3.12.16.4 20120425.1149 2012-04-25 - 3.718
ViRobot 20120425 2012.04.25 2012-04-25 - 0.418
VirusBuster 5.5.0.2 14.2.43.0/8477309 2012-04-25 - 0.264


BTW, thank you so much for your continued assistance!

From GooredFix.txt:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 09:30 on 25/04/2012 (Emily)

Firefox version [unable to determine]

========== GooredScan ==========

Removing Orphan:

"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [01:50 25/10/2009]

-=E.O.F=-


Let's follow-up with some other tools/reports:

Disable your antivirus program so that it does not interfere. Leave the firewall on.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck "trace disk IO calls".

Click the "Scan" button to start scan

On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.

Step 2

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore it and proceed with the instructions please.)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 4

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Step 5

Re-Enable your antivirus program.

Reply with a copy of the contents of aswMBR log

TDSSKILLER log

GMER log

C:\Combofix.txt log

Do NOT attach the files. Use NOTEPAD to Copy & Paste the logs within the main-body of reply box.


The aswMBR.exe program gives a prompt upon running that asks me if I want to download the latest Avast! antivirus definitions. Do I press "yes" or do I press "no"?

Also, how do I change the a-v scan to None?

I see the option to uncheck trace disk IO calls, but do not see/know where to find the option to change the a-v scan to None.

Thx!


Good morning Loislane1.

If you are at a point where you can stop, then do the following now:

First, make sure you have saved all your work before you begin, and close your open apps.

Close all open windows on the Task Bar.

Note: If using Firefox browser, right-click on any download links and choose Save As

Please download OTH to your desktop

Double click the OTH file to run it and click Kill All Processes button, your desktop will go blank. (That is normal & expected).

If running on Windows 7 or Vista, to start tools, do a RIGHT-Click and then select "Run As Administrator".


Then press Start OTL button. OTL will now run. If prompted to allow it to run, press YES.

  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt
  • the contents of Extras.txt

Do not use the attachment feature to place any of your reports. Always Copy & Paste them in-line inside the body of reply.

Also tell me where you were and how far you have gotten on the tasks I outlined before.


Sorry I have not replied to my help request for this long. Another issue sprung up with my computer not turning on and I needed to get it repaired.

I will be able to perform the next round of instructions given to me that preceded my last post, with the required log readouts, beginning tomorrow afternoon.

Once again, I am terribly sorry for any inconvenience my lack of posting has caused, and I greatly appreciate all of your help.


This topic is now closed to further replies.