Google redirects and MSE failure


I have two issues that started at the same time.

First, links in Bing and Google are redirected to various sites unrelated to the search.

Second, Microsoft Essentials and Windows Defender seem not to be working properly. When I launch MSE, it appears for a second and then disappears. The icon in the tray also disappears when I hover over it. Defender acts the same way.

I rebooted in safe mode and was able to run MSE. Full scan did not find any issues.

Downloaded Malwarebytes and did a scan, no issues.

Downloaded PCTools and did a scan, no issues.

Please help. Thanks.

Here is the DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457

Run by Vostro420 at 20:36:56 on 2012-12-28

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1616 [GMT -8:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AERTSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe

C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Siber Systems\GoodSync\GoodSync.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Users\Vostro420\Downloads\OTL.exe

C:\Windows\notepad.exe

C:\Windows\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Google Update] "c:\users\vostro420\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [GoodSync] "c:\program files\siber systems\goodsync\GoodSync.exe" /min

uRun: [soahkaoqdu] c:\users\vostro420\appdata\roaming\ehyna\ecfy.exe

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

uRun: [fvsrrymfan] rundll32 "c:\users\vostro420\appdata\roaming\bitsadmina.dll",Mfhewg

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

mRun: [HP LaserJet Professional M1530 MFP Series Fax] c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch

mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ACSW14EN] "c:\program files\acd systems\acdsee\14.0\ACDSeeInTouch2.exe" /pid ACSW14EN

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {1663ed6a-23eb-11d2-b92f-008048fdd814} - hxxps://vt.globalpay.com/admin/objects/smsx.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{8115AB82-A9F0-46A3-A2A9-974C3D20D46B} : DHCPNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2011-6-22 81920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]

R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2011-7-1 18240]

R2 GsServer;GoodSync Server;c:\program files\siber systems\goodsync\Gs-Server.exe [2012-1-13 3002808]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]

R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2011-12-22 21320]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2009-11-3 14592]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-28 14848]

S3 Sage Simply Accounting Transaction Manager 2011 - CDN;Sage Simply Accounting Transaction Manager 2011 - CDN;c:\program files\winsim\transactionmanager2011 - cdn\Sage_SA.TransactionManager.exe [2011-6-7 46408]

S3 Sage Simply Accounting Transaction Manager 2012 - CDN;Sage Simply Accounting Transaction Manager 2012 - CDN;c:\program files\winsim\transactionmanager2012 - cdn\Sage_SA.TransactionManager.exe [2012-6-8 46440]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-28 49664]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-23 1343400]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2012-12-29 04:05:22 -------- d-----w- c:\users\vostro420\appdata\roaming\Malwarebytes

2012-12-29 04:05:15 -------- d-----w- c:\programdata\Malwarebytes

2012-12-29 04:05:00 -------- d-----w- c:\users\vostro420\appdata\local\Programs

2012-12-29 03:51:38 247808 ----a-w- c:\windows\system32\schannel.dll

2012-12-29 03:51:37 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2012-12-29 03:51:37 220160 ----a-w- c:\windows\system32\ncrypt.dll

2012-12-29 03:51:37 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-12-29 03:51:37 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2012-12-29 03:51:35 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-12-28 07:00:19 -------- d-----w- c:\program files\PC Tools

2012-12-28 06:46:20 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-12-28 06:46:17 -------- d-----w- c:\program files\common files\PC Tools

2012-12-28 06:45:00 -------- d-----w- c:\programdata\PC Tools

2012-12-28 06:44:57 -------- d-----w- c:\users\vostro420\appdata\roaming\TestApp

2012-12-28 03:54:02 -------- d-----w- c:\windows\pss

2012-12-22 17:29:24 122880 --sha-r- c:\users\vostro420\appdata\roaming\bitsadmina.dll

2012-12-21 11:00:44 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 11:00:44 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 13:30:06 2345984 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-12-11 23:06:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 23:06:55 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-10-22 05:13:03 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-22 05:13:03 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe

2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

============= FINISH: 20:37:11.14 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 22/06/2011 11:43:34 PM

System Uptime: 28/12/2012 7:59:45 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0N185P

Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2328/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 190.902 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 733.54 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 7000 E809a

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 7000 E809a

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet M1536dnf MFP

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: Hewlett-Packard

Name: HP LaserJet M1536dnf MFP

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

7000E809a

7000E809a_eDocs

7000E809a_Help

ACDSee 14

Add or Remove Adobe Creative Suite 3 Design Premium

Adobe Acrobat 8 Professional

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Creative Suite 3 Design Premium

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash CS3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 9 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X (10.1.4)

Adobe Setup

Adobe SING CS3

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Version Cue CS3 Server

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

Bing Bar

Bing Rewards Client Installer

BPDSoftware

BPDSoftware_Ini

BufferChm

D-Link SmartConsole Utility

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Resource CD

DeviceDiscovery

Dynex All-in-1 Card Reader

EST Desktop 2.0 2.0.1211.0.11

GoodSync

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

HP Customer Participation Program 14.0

HP FWUpdateEDO3

HP Imaging Device Functions 14.0

HP LaserJet Professional M1530 MFP Series

HP LJ M1530 MFP Series HP Scan

HP Officejet 7000 E809a Series

HP Photo Creations

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPDiagnosticAlert

HPLaserJetHelp_LearnCenter

HPLJUT

hppFaxDrvM1530

hppFaxUtilityM1530

hppLaserJetService

hppM1530LaserJetService

HPProductAssistant

hppSendFaxM1530

hppTLBXFXM1530

HPSSupply

hpzTLBXFX

I.R.I.S. OCR

Java Auto Updater

Java 6 Update 37

Logitech Webcam Software

MailingCheck

MarketResearch

MeadCo ScriptX (v7.0.0.8 (x86))

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook 2010

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Small Business 2007

Microsoft Office Word MUI (English) 2007

Microsoft Outlook 2010

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyPhotoCreations

MySQL Connector/ODBC 3.51

Network

PDF Settings

Picasa 3

Polar Precision Performance SW

Polar WebLink 2.4.11

ProductContext

QNAP Finder

Realtek High Definition Audio Driver

RoboForm 7-8-4-7 (All Users)

Sage Download Manager

Sage Simply Accounting 2011

Sage Simply Accounting 2012

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

SendBlaster

Shop for HP Supplies

Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

Silicon Laboratories USBXpress Device (Driver Removal)

Skype Click to Call

Skype™ 6.0

SmartWebPrinting

SolutionCenter

Status

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

WeatherLink 5.9.2

WeatherLink 5.9.3

WebReg

Windows Live ID Sign-in Assistant

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

28/12/2012 8:01:47 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

28/12/2012 8:00:19 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

28/12/2012 7:07:18 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

27/12/2012 7:58:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

27/12/2012 7:58:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

27/12/2012 7:57:45 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 7:53:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

27/12/2012 11:02:42 PM, Error: PCTCore [280] -

27/12/2012 10:28:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

27/12/2012 10:28:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

27/12/2012 10:28:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

27/12/2012 10:28:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================


Based on some other topics about similar issues, I downloaded and ran OTL.

Here is OTL.txt: (extras.txt is below).

OTL logfile created on: 28/12/2012 8:20:26 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vostro420\Downloads

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.24% Memory free

6.00 Gb Paging File | 4.46 Gb Available in Paging File | 74.35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 298.05 Gb Total Space | 190.89 Gb Free Space | 64.05% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 733.54 Gb Free Space | 78.75% Space Free | Partition Type: NTFS

Computer Name: FB-02-V420 | User Name: Vostro420 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Vostro420\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)

PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)

PRC - C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe ()

PRC - C:\Program Files\Siber Systems\GoodSync\GoodSync.exe ()

PRC - C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)

PRC - C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe (Sage)

PRC - C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe (ACD Systems)

PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)

PRC - C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)

PRC - C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()

PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)

PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a67380b6387234a8a9032ccd5c3dbf4e\System.Runtime.Serialization.Formatters.Soap.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f2fb3f4856c403795db6db3f354f1f0b\System.Deployment.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_32\Simply.ConnectionManagerService\15.0.0.1__bfd98eaca3f932d5\Simply.ConnectionManagerService.dll ()

MOD - C:\Program Files\Siber Systems\GoodSync\GoodSync.exe ()

MOD - C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll ()

MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()

========== Services (SafeList) ==========

SRV - (Sage Simply Accounting Transaction Manager 2012 - CDN) -- C:\Program Files\Winsim\TransactionManager2012 File not found

SRV - (Sage Simply Accounting Transaction Manager 2011 - CDN) -- C:\Program Files\Winsim\TransactionManager2011 File not found

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)

SRV - (GsServer) -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe ()

SRV - (Simply Accounting Database Connection Manager) -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe (Sage)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)

SRV - (LVPrcSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)

SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (SIUSBXP) -- C:\Windows\System32\drivers\SiUSBXp.sys (Silicon Laboratories)

DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)

DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)

DRV - (DbgMsg) -- C:\Windows\System32\drivers\DbgMsg.sys (Compuware Corporation - NuMega Lab)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 7C 5F 02 71 31 CC 01 [binary data]

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GBCA437

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=CA&ver=4.0.0.1884

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vostro420\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vostro420\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/05 20:46:23 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/05 20:46:23 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vostro420\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Vostro420\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vostro420\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Skype Click to Call = C:\Users\Vostro420\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [ACSW14EN] C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe (ACD Systems)

O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ConnectionManager] C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)

O4 - HKLM..\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)

O4 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000..\Run: [fvsrrymfan] C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll ()

O4 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000..\Run: [GoodSync] C:\Program Files\Siber Systems\GoodSync\GoodSync.exe ()

O4 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKU\S-1-5-21-784824154-2186569503-2690575908-1000..\Run: [soahkaoqdu] C:\Users\Vostro420\AppData\Roaming\Ehyna\ecfy.exe File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {1663ed6a-23eb-11d2-b92f-008048fdd814} https://vt.globalpay.com/admin/objects/smsx.cab (MeadCo Extended HTML Printing)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8115AB82-A9F0-46A3-A2A9-974C3D20D46B}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{8a49023a-a762-11e0-b3d0-0024e81653b9}\Shell - "" = AutoRun

O33 - MountPoints2\{8a49023a-a762-11e0-b3d0-0024e81653b9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{f2c5d438-2ce7-11e1-aa00-0024e81653b9}\Shell - "" = AutoRun

O33 - MountPoints2\{f2c5d438-2ce7-11e1-aa00-0024e81653b9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/28 20:05:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012/12/28 20:05:22 | 000,000,000 | ---D | C] -- C:\Users\Vostro420\AppData\Roaming\Malwarebytes

[2012/12/28 20:05:15 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/12/28 20:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/12/28 20:05:00 | 000,000,000 | ---D | C] -- C:\Users\Vostro420\AppData\Local\Programs

[2012/12/28 19:52:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys

[2012/12/28 19:52:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

[2012/12/28 19:52:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll

[2012/12/28 19:52:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

[2012/12/28 19:52:42 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys

[2012/12/28 19:52:41 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe

[2012/12/28 19:52:41 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll

[2012/12/28 19:52:41 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll

[2012/12/28 19:52:41 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll

[2012/12/28 19:52:41 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe

[2012/12/28 19:52:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll

[2012/12/28 19:52:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2012/12/28 19:52:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll

[2012/12/28 19:52:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll

[2012/12/28 19:52:40 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll

[2012/12/28 19:51:37 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2012/12/28 19:51:35 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll

[2012/12/27 23:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools

[2012/12/27 22:46:20 | 000,202,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys

[2012/12/27 22:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2012/12/27 22:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/12/27 22:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012/12/27 22:44:57 | 000,000,000 | ---D | C] -- C:\Users\Vostro420\AppData\Roaming\TestApp

[2012/12/27 19:54:02 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/12/21 03:00:44 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2012/12/21 03:00:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2012/12/13 08:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/12/13 08:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2012/12/12 22:43:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/12/12 22:43:53 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012/12/12 22:43:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/12/12 22:43:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/12/12 22:43:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/12/12 22:43:52 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/12/12 22:43:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/12/12 22:43:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/12/12 05:30:06 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/12/12 05:29:58 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

[2012/12/12 05:29:58 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2012/12/12 05:29:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

[2012/12/12 05:29:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/12 05:29:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/12 05:29:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

[2012/12/12 05:29:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/12 05:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

[2012/12/12 05:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

[2012/12/12 05:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/12 05:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

[2012/12/12 05:29:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

[2012/12/12 05:29:47 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll

[2012/12/12 05:29:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2012/12/28 20:07:59 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/28 20:07:59 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/28 20:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/28 20:04:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/28 20:01:12 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/28 20:00:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/28 20:00:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs

[2012/12/28 20:00:19 | 2415,120,384 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/28 19:57:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/12/28 19:45:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-784824154-2186569503-2690575908-1000UA.job

[2012/12/28 08:45:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-784824154-2186569503-2690575908-1000Core.job

[2012/12/27 22:47:18 | 001,524,547 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2012/12/27 12:53:48 | 000,624,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/12/27 12:53:48 | 000,106,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/12/22 09:29:24 | 000,122,880 | RHS- | M] () -- C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll

[2012/12/21 03:20:34 | 001,761,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2012/12/13 08:25:34 | 000,002,467 | ---- | M] () -- C:\Users\Vostro420\Desktop\Google Chrome.lnk

[2012/12/13 08:23:38 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/12/11 15:06:55 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/12/11 15:06:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/12/27 22:46:25 | 001,524,547 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB

[2012/12/22 09:29:24 | 000,122,880 | RHS- | C] () -- C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll

[2012/01/04 18:48:47 | 000,000,017 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\resmon.resmoncfg

[2011/12/19 21:42:07 | 000,000,530 | ---- | C] () -- C:\Windows\hpwmdl25.dat.temp

[2011/12/08 11:26:29 | 000,000,000 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\{6B726414-3D01-4EFA-9139-FE155B37F036}

[2011/11/22 11:25:36 | 000,000,000 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\{E73F65E3-C42B-4B75-BA44-56C74D93858E}

[2011/11/09 10:57:24 | 000,000,000 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\{83188971-3CC0-457B-BF22-90BBF6CA98E3}

[2011/11/09 10:55:26 | 000,000,000 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\{7CB42929-C11E-4812-8B49-1B587EC4DB9B}

[2011/11/09 10:44:00 | 000,000,000 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\{412AE95D-09B4-45AC-B8B3-04F3AE2FEFCB}

[2011/07/05 20:33:19 | 000,218,099 | ---- | C] () -- C:\Windows\hpwins25.dat

[2011/07/05 20:33:19 | 000,000,530 | ---- | C] () -- C:\Windows\hpwmdl25.dat

[2011/07/01 18:08:28 | 000,028,672 | ---- | C] () -- C:\Windows\dbgmsgcfg.dll

[2011/06/29 20:49:35 | 000,010,752 | ---- | C] () -- C:\Users\Vostro420\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/29 18:30:02 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/06/24 09:15:42 | 000,103,784 | ---- | C] () -- C:\Users\Vostro420\GoToAssistDownloadHelper.exe

[2011/06/24 08:28:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/06/23 13:42:23 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2011/06/23 01:19:19 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2011/06/23 00:42:16 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys

[2011/06/23 00:42:16 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini

[2011/06/22 22:26:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2011/04/20 00:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011/02/28 20:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Extras.txt:

OTL Extras logfile created on: 28/12/2012 8:20:26 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vostro420\Downloads

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.24% Memory free

6.00 Gb Paging File | 4.46 Gb Available in Paging File | 74.35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 298.05 Gb Total Space | 190.89 Gb Free Space | 64.05% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 733.54 Gb Free Space | 78.75% Space Free | Partition Type: NTFS

Computer Name: FB-02-V420 | User Name: Vostro420 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee 14.Manage] -- "C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeQV14.exe" "%1" (ACD Systems International Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{096E9346-194F-4DE5-A122-FE9B5C9028E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0BD8F6E5-49AC-446B-ABA5-AFDA9A80C1E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{0CDBA45A-E74D-47A5-8BDA-1F8FA02D61A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{298BABBA-1E2A-4AC5-B7C1-17C13699639A}" = rport=138 | protocol=17 | dir=out | app=system |

"{29B82D55-63A8-46B5-A264-0E27BD02A4C3}" = rport=137 | protocol=17 | dir=out | app=system |

"{2EE8F8D9-8C39-4894-A671-A1B8925507A4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{2F32FBE3-18D3-4E25-8EBD-B42C4818618A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3D1DA8FC-92F4-4C5C-8C8F-3D09927BF08B}" = lport=138 | protocol=17 | dir=in | app=system |

"{42EDFAE5-DCE9-4545-AD22-396895D3E1A8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{4547A0E2-3A4D-4D19-A762-4AF127164DBC}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{45875928-4F5E-438C-9508-EF5542F60704}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4CC19175-3A2D-45AE-8C31-5CFB30DA90B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{50EF1734-B1C0-46EF-B2CE-E8B207CC1F38}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{581720AB-267A-45B9-A33F-A5D633EA3123}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{585D140C-4140-46D2-99C4-BE4A9842253C}" = rport=445 | protocol=6 | dir=out | app=system |

"{65AEEAB8-CC63-4709-828B-4484C2B7D6A0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{74EE138E-D29D-43CC-8AE6-C12D52BC5B7A}" = lport=10243 | protocol=6 | dir=in | app=system |

"{794EA90F-E0ED-470A-81DE-8BDE0F12C8EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7BB445D4-E5E0-4595-9336-9DC88A239803}" = lport=445 | protocol=6 | dir=in | app=system |

"{884E29B3-A664-43FD-9F8B-7AC8F1741AF4}" = rport=139 | protocol=6 | dir=out | app=system |

"{8D717933-9322-4AC4-A8D3-665EEB22BD6E}" = rport=10243 | protocol=6 | dir=out | app=system |

"{97D512FD-2354-424F-BDBC-27E8F6E9B888}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{99DE1860-CBE7-4B0B-AABE-B39C315DA8BD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9D07F810-EFAF-424E-8ECD-B04D6A5236E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{B022367A-A5A8-4B9E-95E8-44FEECF1BF34}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C39599AB-27B5-4C1B-AB38-61A7AE022128}" = lport=33338 | protocol=17 | dir=in | name=goodsync server lan discovery |

"{C7179538-98F9-4036-AE34-6F92FD68188D}" = lport=137 | protocol=17 | dir=in | app=system |

"{D8AD03B0-8BF3-4BCA-947A-4D3A22E8DB36}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{DADE80FD-5E93-4DA0-9841-A0075D6DAA56}" = lport=139 | protocol=6 | dir=in | app=system |

"{DB3E681D-4265-466E-B057-9738756C4282}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{DF7C65E3-A387-4B97-856F-DACF2F23B8E7}" = lport=33333 | protocol=6 | dir=in | name=goodsync server incoming connections |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03764A37-E491-4D54-B6EA-0E52A5A88D43}" = protocol=6 | dir=in | app=c:\program files\siber systems\goodsync\gsexplorer.exe |

"{04F2B8C8-4B5E-44F6-9783-9176D6AE3577}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{0F1B6931-A2F0-49FE-A61A-E16194AD452D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |

"{193F7809-E7F3-464E-98E0-1CC5F74763A1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{25199DD4-2A86-41E5-A321-EAD2B59EC8A1}" = dir=in | app=c:\program files\hp\oj7000ve809a_full_14\setup\hpznui01.exe |

"{2E1E3768-4EE2-4802-BD6E-FA591082E2D7}" = protocol=17 | dir=in | app=c:\program files\siber systems\goodsync\goodsync.exe |

"{2EB9C823-58A6-488B-A75D-96BACAF8FA66}" = protocol=17 | dir=in | app=c:\program files\siber systems\goodsync\gs-server.exe |

"{31DAE127-0492-4CE1-A7B3-ABA0D49A4969}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |

"{368E8445-F5C3-4DE9-8268-A3D2B4C1A254}" = protocol=17 | dir=in | app=c:\program files\winsim\connectionmanager\simplyconnectionmanager.exe |

"{38BB6A2F-D6CE-434E-9958-9072343C0D55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{422FA990-2A01-4B78-85AA-2DE1D8D26F14}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{45E9AB39-4798-44C1-B075-BF1EF23F18B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4CB319CD-E5D6-40D1-A565-8EFCBBDA89DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |

"{4D436F63-1F73-4066-AB3A-5BD4BB586A76}" = protocol=6 | dir=in | app=c:\program files\winsim\connectionmanager\simplyconnectionmanager.exe |

"{4F483385-E70C-4F0B-80CF-C16859D2005A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{50DE242D-0122-47DD-977F-D7252CC24DF9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{529EA435-BD13-4D85-8D26-EFFBC5A9AD79}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{53ACDC35-0E21-4FBA-9802-311BCC4CE116}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{587AE10F-2306-40C4-9C4D-A26FD0E9AEBA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{5DCA92CD-B7ED-4FA1-8542-D23FF83BC7BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{732FE0CF-4C28-462B-B341-DE8E0F2890DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7CC39390-43B6-4C7E-AE21-40699E275590}" = protocol=6 | dir=in | app=c:\program files\siber systems\goodsync\gs-server.exe |

"{829C1D97-6704-4AA4-BDB8-4ACB3669AF87}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{8898ADA4-9BE3-427B-90E9-C03960958301}" = protocol=6 | dir=in | app=c:\program files\winsim\connectionmanager\mysqlbinary\5.0.38\mysql\mysqld-nt.exe |

"{8B593BC7-E852-4FEA-ADF5-29E79F6CAFCE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

"{8C61E83F-92E9-4CEC-A74C-EC584B50DA8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8CAA21F3-E1D5-43D8-9E8B-B6963586C40C}" = protocol=6 | dir=in | app=c:\users\vostro420\appdata\local\temp\7zs11c2\hpdiagnosticcoreui.exe |

"{8E7AAD87-5103-475D-BECA-A0B7F068B658}" = protocol=58 | dir=in | app=system |

"{904CC9CC-3B76-46F1-9615-E03DB5299BF8}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{9171E7B2-4C95-4D44-8408-17010BB7E7E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{9FF86533-4E50-4014-9C68-E81437B768A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{AB45757D-F77A-4F7E-9537-ADEB5F078183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{BFA9E1AB-1099-4603-A779-721CFEF6532C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{C133D59C-6C1B-44EE-A1FF-6FACA0D117A4}" = protocol=17 | dir=in | app=c:\users\vostro420\appdata\local\temp\7zs11c2\hpdiagnosticcoreui.exe |

"{C7624F54-AAC9-4ADC-B5D3-82E35DFADEEF}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |

"{CA3B5CA6-1F57-44B6-B87F-3A6E1D86AE20}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{CB777B22-5032-4973-8F48-2EEC49348986}" = protocol=6 | dir=out | app=system |

"{E5170E3A-0D65-462B-ABC8-A9DD717E0AF4}" = protocol=17 | dir=in | app=c:\program files\siber systems\goodsync\gsexplorer.exe |

"{EE0B3858-D8C7-4B35-AB30-49D370378391}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EE3A57B4-C790-4A13-814D-CB54743ECFB7}" = protocol=17 | dir=in | app=c:\program files\winsim\connectionmanager\mysqlbinary\5.0.38\mysql\mysqld-nt.exe |

"{F198D146-4D5A-4437-8045-3220777E418B}" = protocol=6 | dir=in | app=c:\program files\siber systems\goodsync\goodsync.exe |

"{F569CC1C-7B76-48DE-8924-7BFAAB4DB389}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FCEBB4C3-A825-49CE-99DC-A648E1FB1997}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FD7B6095-822E-4B7E-984C-6A9CCE1E141E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{0B62F8F2-CECF-4ADD-BF8A-4002F3E5A68E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{43BD828D-FB22-4314-B7C5-E69D7C42FB6D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"TCP Query User{822C793B-0ABF-486F-9752-3741EC59FCB7}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |

"TCP Query User{98228A38-42B7-49A4-89B1-BF1250E6561F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{A695BE21-8B2A-4518-BFB1-F436F6DC56EC}C:\program files\qnap\finder\finder.exe" = protocol=6 | dir=in | app=c:\program files\qnap\finder\finder.exe |

"TCP Query User{BB0C0071-FA02-4995-8935-7C59A4E2C493}C:\users\vostro420\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\vostro420\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |

"TCP Query User{CBF5ECF1-1A5B-4AEA-8222-364C7C8688B4}C:\program files\d-link smartconsole utility\d-link smartconsole utility.exe" = protocol=6 | dir=in | app=c:\program files\d-link smartconsole utility\d-link smartconsole utility.exe |

"TCP Query User{D0CF725E-5ED4-4881-99F2-FE67FBF46A2C}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |

"UDP Query User{364740C6-1519-479A-9793-182DC92FA2EC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{4461C023-478D-45A3-B893-5E4F430AC778}C:\program files\d-link smartconsole utility\d-link smartconsole utility.exe" = protocol=17 | dir=in | app=c:\program files\d-link smartconsole utility\d-link smartconsole utility.exe |

"UDP Query User{499B12B3-66F3-4B13-AF98-662CBC0E2C9F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{56D9DC60-709C-41A8-B69D-878EB232B62E}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |

"UDP Query User{8FE661CE-6377-44AC-A91E-7FB889BEEEFD}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |

"UDP Query User{974FC5C3-ED57-4CB7-8BC6-68631539E116}C:\program files\qnap\finder\finder.exe" = protocol=17 | dir=in | app=c:\program files\qnap\finder\finder.exe |

"UDP Query User{D0845EDC-901C-44F3-B7EC-ECB171C9F842}C:\users\vostro420\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\vostro420\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |

"UDP Query User{F2662721-4BE4-40B7-98AD-C32C49D11156}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network

"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup

"{0AFECCA6-61A0-409F-9205-67613984209D}" = Dynex All-in-1 Card Reader

"{12C8466B-9E6E-4C0C-BBA3-F05EDF5C8ECA}" = Polar WebLink 2.4.11

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java 6 Update 37

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2CEDEB33-4931-48B1-8010-20618772B58E}" = Sage Simply Accounting 2012

"{2EDDE1F0-62F6-466F-872D-74B7FFB9D35E}" = 7000E809a_eDocs

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{34B93189-6DD6-4445-A4F4-32D0D65B57A6}" = MyPhotoCreations

"{369B1CE1-6D7B-443A-93D5-637FC67326AB}" = MailingCheck

"{37EE481E-E4E9-4F1D-8CEA-4089E8D5280D}" = 7000E809a_Help

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{44E1D9AA-2A0E-48B8-BA26-136C2149C8AD}" = HP Officejet 7000 E809a Series

"{4843994F-AE6A-49A7-9A3D-BC40DB16B0D5}" = 7000E809a

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B04142C-F303-46E8-A3E1-BCD37036108D}" = ProductContext

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{53AB83B3-9908-44DF-97B5-C107140F26AD}" = Sage Simply Accounting 2011

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{6F5A71BD-9EC9-4A59-BFBD-CA63CFB4885D}" = ACDSee 14

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{74280B5D-A0AF-46c5-9C85-D9EA078262F1}" = HP LaserJet Professional M1530 MFP Series

"{756BCE8E-1AFA-4D74-A704-6E0252665891}" = BPDSoftware_Ini

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{865E1902-B6FE-4AF0-B61D-A82EBC53569E}" = hppSendFaxM1530

"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010

"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{C8CABA12-53F4-4721-AA1D-495782D0C309}" =

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOK_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOK_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007

"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{9112FEA9-0F64-453C-BEA5-9A782F87EDAA}" = hppTLBXFXM1530

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{99716D64-2AD1-40E0-86F1-EA5DA90E3E0A}" = SendBlaster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A1D53426-D6F3-4886-A72B-E1A8C82259E9}" = hppM1530LaserJetService

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A6CB4C7C-A6ED-45EB-8719-02808CC5A6BB}" = BPDSoftware

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync

"{B2AA0F22-E167-4C4A-BAE2-E0025028E61B}" = HPLaserJetHelp_LearnCenter

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B562C735-BAB2-473D-AF3C-80D1C8284020}" = D-Link SmartConsole Utility

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}" = HP LJ M1530 MFP Series HP Scan

"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C462F75B-9A35-4A84-AE52-E8C9112AAE87}" = hppFaxUtilityM1530

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C7C88E00-129D-4A91-96A0-4338B41A6A48}" = WeatherLink 5.9.2

"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar Precision Performance SW

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2682E66-3DEF-4066-AD9F-70DDB96CDDCC}" = MeadCo ScriptX (v7.0.0.8 (x86))

"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FC7C2707-5E28-4653-8922-CADDD6C439D9}" = WeatherLink 5.9.3

"{FD575F8B-6141-455A-8AE5-F2D2E08520FC}" = hppFaxDrvM1530

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"4336-8086-6854-6034" = EST Desktop 2.0 2.0.1211.0.11

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium

"AI RoboForm" = RoboForm 7-8-4-7 (All Users)

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Photo Creations" = HP Photo Creations

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"InstallShield_{0AFECCA6-61A0-409F-9205-67613984209D}" = Dynex All-in-1 Card Reader

"InstallShield_{2CEDEB33-4931-48B1-8010-20618772B58E}" = Sage Simply Accounting 2012

"InstallShield_{53AB83B3-9908-44DF-97B5-C107140F26AD}" = Sage Simply Accounting 2011

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Office14.OUTLOOK" = Microsoft Outlook 2010

"Picasa 3" = Picasa 3

"QNAP_FINDER" = QNAP Finder

"Shop for HP Supplies" = Shop for HP Supplies

"SIUSBXP&10C4&EA61" = Silicon Laboratories USBXpress Device (Driver Removal)

"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

"SMALLBUSINESSR" = Microsoft Office Small Business 2007

"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-784824154-2186569503-2690575908-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"2f8d25aeed0b3ae4" = Sage Download Manager

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 20/09/2012 12:08:47 PM | Computer Name = FB-02-V420 | Source = ThreadLib | ID = 0

Description =

Error - 20/09/2012 12:10:49 PM | Computer Name = FB-02-V420 | Source = ThreadLib | ID = 0

Description =

Error - 20/09/2012 12:11:31 PM | Computer Name = FB-02-V420 | Source = ThreadLib | ID = 0

Description =

Error - 24/09/2012 2:49:07 PM | Computer Name = FB-02-V420 | Source = Application Hang | ID = 1002

Description = The program SimplyAccounting.exe version 19.0.0.4 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1f00 Start

Time: 01cd9a81f690bbea Termination Time: 10 Application Path: C:\Program Files\Sage

Simply Accounting Premium 2012\SimplyAccounting.exe Report Id: 64d40604-0678-11e2-9361-0024e81653b9

Error - 24/10/2012 12:13:00 AM | Computer Name = FB-02-V420 | Source = Application Hang | ID = 1002

Description = The program WINWORD.EXE version 12.0.6662.5003 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: c70 Start

Time: 01cdb08934bd296f Termination Time: 0 Application Path: C:\Program Files\Microsoft

Office\Office12\WINWORD.EXE Report Id:

Error - 24/11/2012 12:58:32 PM | Computer Name = FB-02-V420 | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1c08 Start

Time: 01cdca0607fd5a44 Termination Time: 26 Application Path: C:\Program Files\Internet

Explorer\iexplore.exe Report Id:

Error - 25/12/2012 2:30:14 AM | Computer Name = FB-02-V420 | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1630 Start

Time: 01cddf6d47670bed Termination Time: 78 Application Path: C:\Program Files\Internet

Explorer\iexplore.exe Report Id:

Error - 25/12/2012 2:30:47 AM | Computer Name = FB-02-V420 | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 13cc Start

Time: 01cddf6d3f9eac28 Termination Time: 0 Application Path: C:\Program Files\Internet

Explorer\iexplore.exe Report Id:

Error - 28/12/2012 3:30:21 AM | Computer Name = FB-02-V420 | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,

time stamp: 0x50a2f9e3 Faulting module name: hpswp_BHO.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4ad4fb6d Exception code: 0xc0000005 Fault offset: 0x0ae370d0 Faulting

process id: 0x10c Faulting application start time: 0x01cde4cce775a239 Faulting application

path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: hpswp_BHO.dll

Report

Id: 6f5046b1-50c0-11e2-b6ce-0024e81653b9

Error - 28/12/2012 3:30:21 AM | Computer Name = FB-02-V420 | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,

time stamp: 0x50a2f9e3 Faulting module name: hpswp_BHO.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4ad4fb6d Exception code: 0xc0000005 Fault offset: 0x094c70d0 Faulting

process id: 0xaf4 Faulting application start time: 0x01cde4cce0c7068d Faulting application

path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: hpswp_BHO.dll

Report

Id: 6f506dc1-50c0-11e2-b6ce-0024e81653b9

Error - 28/12/2012 4:00:33 AM | Computer Name = FB-02-V420 | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,

time stamp: 0x50a2f9e3 Faulting module name: hpswp_BHO.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4ad4fb6d Exception code: 0xc0000005 Fault offset: 0x092470d0 Faulting

process id: 0xf80 Faulting application start time: 0x01cde4ce036ea9ad Faulting application

path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: hpswp_BHO.dll

Report

Id: a76561b2-50c4-11e2-b6ce-0024e81653b9

[ OSession Events ]

Error - 30/06/2011 6:16:25 AM | Computer Name = FB-02-V420 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 86193

seconds with 720 seconds of active time. This session ended with a crash.

Error - 30/10/2011 11:49:06 PM | Computer Name = FB-02-V420 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41

seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/11/2011 4:21:49 PM | Computer Name = FB-02-V420 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95502

seconds with 600 seconds of active time. This session ended with a crash.

Error - 12/01/2012 4:47:59 PM | Computer Name = FB-02-V420 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33728

seconds with 120 seconds of active time. This session ended with a crash.

Error - 14/08/2012 3:01:06 PM | Computer Name = FB-02-V420 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 350575

seconds with 11220 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 19/04/2012 10:21:09 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016

Description =

Error - 20/04/2012 1:14:36 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016

Description =

Error - 20/04/2012 1:14:36 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016

Description =

Error - 20/04/2012 1:14:36 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016

Description =

Error - 25/04/2012 1:40:09 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016

Description =

Error - 01/05/2012 3:10:44 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10010

Description =

Error - 01/05/2012 3:13:34 PM | Computer Name = FB-02-V420 | Source = volsnap | ID = 393241

Description = The shadow copies of volume C: were deleted because the shadow copy

storage could not grow in time. Consider reducing the IO load on the system or

choose a shadow copy storage volume that is not being shadow copied.

Error - 01/05/2012 3:15:00 PM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016

Description =

Error - 04/05/2012 1:07:01 AM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016

Description =

Error - 04/05/2012 3:00:32 AM | Computer Name = FB-02-V420 | Source = DCOM | ID = 10016

Description =

< End of report >


Run the following:

Download Farbar Recovery Scan Tool on a clean PC (if possible) and save to a flash drive (memory stick). Use whichever of the following is applicable to your system (32 or 64 bit).

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <--- 64 bit version Save to USB flash drive

Download http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <--- 32 bit version Save to USB Flash drive

Plug the flash drive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2012

Ran by SYSTEM at 29-12-2012 09:56:22

Running from F:\

Windows 7 Professional (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]

HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()

HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [58936 2010-10-25] (Hewlett-Packard Company)

HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax" [2459192 2010-08-24] (Hewlett-Packard Company)

HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)

HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1425208 2012-09-20] (Logitech, Inc.)

HKLM\...\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [99656 2011-12-22] (Sage)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [ACSW14EN] "C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe" /pid ACSW14EN [1231472 2011-11-17] (ACD Systems)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)

HKU\Vostro420\...\Run: [Google Update] "C:\Users\Vostro420\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-22] (Google Inc.)

HKU\Vostro420\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-22] (Google Inc.)

HKU\Vostro420\...\Run: [GoodSync] "C:\Program Files\Siber Systems\GoodSync\GoodSync.exe" /min [6356920 2012-01-13] ()

HKU\Vostro420\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-11-28] (Siber Systems)

HKU\Vostro420\...\Run: [fvsrrymfan] rundll32 "C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll",Mfhewg [122880 2012-12-22] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk

ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================

2 AERTFilters; C:\Windows\System32\AERTSrv.exe [81920 2008-07-15] (Andrea Electronics Corporation)

2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe /service [3002808 2012-01-13] ()

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)

3 Sage Simply Accounting Transaction Manager 2011 - CDN; C:\Program Files\Winsim\TransactionManager2011 - CDN\Sage_SA.TransactionManager.exe [46408 2011-06-07] (Sage)

3 Sage Simply Accounting Transaction Manager 2012 - CDN; C:\Program Files\Winsim\TransactionManager2012 - CDN\Sage_SA.TransactionManager.exe [46440 2012-06-08] (Sage)

2 Simply Accounting Database Connection Manager; C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe [21320 2011-12-22] (Sage)

==================== Drivers (Whitelisted) ====================

2 DbgMsg; \??\C:\Windows\System32\Drivers\DbgMsg.sys [18240 2008-07-07] (Compuware Corporation - NuMega Lab)

3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()

0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)

3 PolarUSB; C:\Windows\System32\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro)

3 SIUSBXP; C:\Windows\System32\drivers\SiUSBXp.sys [14592 2009-11-03] (Silicon Laboratories)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-12-28 23:48 - 2012-12-28 23:49 - 00013364 ____A C:\Users\Vostro420\Downloads\hijackthis.log

2012-12-28 23:48 - 2012-12-28 23:48 - 00388608 ____A (Trend Micro Inc.) C:\Users\Vostro420\Downloads\HijackThis.exe

2012-12-28 22:16 - 2012-12-28 22:16 - 00688992 ____R (Swearware) C:\Users\Vostro420\Downloads\dds.com

2012-12-28 21:46 - 2012-12-28 21:46 - 00000000 ____D C:\_OTL

2012-12-28 21:03 - 2012-12-28 21:03 - 00000000 ____D C:\Program Files\Microsoft Security Client

2012-12-28 20:37 - 2012-12-28 22:45 - 00019883 ____A C:\Users\Vostro420\Desktop\dds.txt

2012-12-28 20:37 - 2012-12-28 22:18 - 00018370 ____A C:\Users\Vostro420\Desktop\attach.txt

2012-12-28 20:26 - 2012-12-28 21:36 - 00077614 ____A C:\Users\Vostro420\Downloads\Extras.Txt

2012-12-28 20:25 - 2012-12-28 22:58 - 00081472 ____A C:\Users\Vostro420\Downloads\OTL.Txt

2012-12-28 20:19 - 2012-12-28 20:19 - 00602112 ____A (OldTimer Tools) C:\Users\Vostro420\Downloads\OTL.exe

2012-12-28 20:05 - 2012-12-28 20:05 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\Malwarebytes

2012-12-28 20:05 - 2012-12-28 20:05 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-12-28 19:52 - 2012-08-23 06:48 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll

2012-12-28 19:52 - 2012-08-23 06:44 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys

2012-12-28 19:52 - 2012-08-23 06:40 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys

2012-12-28 19:52 - 2012-08-23 06:10 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2012-12-28 19:52 - 2012-08-23 06:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2012-12-28 19:52 - 2012-08-23 05:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll

2012-12-28 19:52 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll

2012-12-28 19:52 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll

2012-12-28 19:52 - 2012-08-23 05:32 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll

2012-12-28 19:52 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2012-12-28 19:52 - 2012-08-23 03:40 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe

2012-12-28 19:52 - 2012-08-23 03:32 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe

2012-12-28 19:52 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2012-12-28 19:52 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll

2012-12-28 19:52 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe

2012-12-28 19:52 - 2012-08-23 02:08 - 02739712 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2012-12-28 19:52 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2012-12-28 19:51 - 2012-08-24 09:05 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-12-28 19:51 - 2012-08-24 09:02 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-12-28 19:51 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-12-28 19:51 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-12-28 19:51 - 2012-08-24 08:56 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll

2012-12-28 19:51 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll

2012-12-27 23:00 - 2012-12-27 23:00 - 01931088 ____A (Symantec Corporation) C:\Users\Vostro420\Downloads\FixTDSS.exe

2012-12-27 23:00 - 2012-12-27 23:00 - 00000000 ____D C:\Program Files\PC Tools

2012-12-27 22:46 - 2012-12-28 19:16 - 00000000 ____D C:\Program Files\Common Files\PC Tools

2012-12-27 22:46 - 2012-12-27 22:47 - 01524547 ____A C:\Windows\System32\Drivers\Cat.DB

2012-12-27 22:46 - 2012-11-01 15:35 - 00202280 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys

2012-12-27 22:45 - 2012-12-28 19:07 - 00000000 ____D C:\Users\All Users\PC Tools

2012-12-27 22:44 - 2012-12-27 22:44 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\TestApp

2012-12-27 22:42 - 2012-12-27 22:43 - 04166136 ____A (PC Tools) C:\Users\Vostro420\Downloads\spdoc.exe

2012-12-27 22:38 - 2012-12-27 22:38 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Vostro420\Downloads\tdsskiller.exe

2012-12-27 19:54 - 2012-12-27 19:54 - 00000000 ____D C:\Windows\pss

2012-12-22 09:29 - 2012-12-22 09:29 - 00122880 _RASH C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll

2012-12-21 03:00 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-21 03:00 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-13 08:23 - 2012-12-13 08:23 - 00000000 ____D C:\Program Files\Common Files\Skype

2012-12-12 22:43 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-12-12 22:43 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-12-12 22:43 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-12-12 22:43 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-12-12 22:43 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-12-12 22:43 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-12-12 22:43 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-12-12 22:43 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-12-12 22:43 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-12-12 22:43 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-12-12 22:43 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-12-12 22:43 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-12-12 22:43 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-12-12 22:43 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-12-12 22:43 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-12-12 22:43 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-12-12 05:30 - 2012-11-21 18:56 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-12-12 05:29 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-12-12 05:29 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

2012-12-12 05:29 - 2012-10-04 08:47 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-12-12 05:29 - 2012-10-04 08:43 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-12-12 05:29 - 2012-10-04 08:43 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 06:57 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-12-12 05:29 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-12-12 05:29 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-12-10 10:48 - 2012-12-10 10:49 - 00012800 ____A C:\Users\Vostro420\Downloads\bbc829aa9ef74e879b55048ec74287c5.xls

==================== One Month Modified Files and Folders ========

2012-12-29 09:50 - 2011-06-22 22:26 - 01096125 ____A C:\Windows\WindowsUpdate.log

2012-12-29 09:50 - 2009-07-13 20:34 - 00013792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-29 09:50 - 2009-07-13 20:34 - 00013792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-29 09:48 - 2011-06-22 23:24 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-12-29 09:48 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-29 09:47 - 2011-06-22 22:46 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs

2012-12-29 09:47 - 2009-07-13 20:39 - 00045456 ____A C:\Windows\setupact.log

2012-12-29 09:46 - 2012-01-02 21:14 - 00000000 ____D C:\Users\Vostro420\Documents\Outlook Files

2012-12-29 09:45 - 2011-06-22 23:05 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784824154-2186569503-2690575908-1000UA.job

2012-12-29 09:45 - 2011-06-22 22:48 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-29 09:06 - 2012-07-02 09:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-12-29 09:04 - 2011-06-22 23:24 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-12-29 08:45 - 2011-06-22 23:05 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784824154-2186569503-2690575908-1000Core.job

2012-12-29 00:27 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

2012-12-29 00:00 - 2011-06-22 23:55 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\GoodSync

2012-12-28 23:49 - 2012-12-28 23:48 - 00013364 ____A C:\Users\Vostro420\Downloads\hijackthis.log

2012-12-28 23:48 - 2012-12-28 23:48 - 00388608 ____A (Trend Micro Inc.) C:\Users\Vostro420\Downloads\HijackThis.exe

2012-12-28 22:58 - 2012-12-28 20:25 - 00081472 ____A C:\Users\Vostro420\Downloads\OTL.Txt

2012-12-28 22:45 - 2012-12-28 20:37 - 00019883 ____A C:\Users\Vostro420\Desktop\dds.txt

2012-12-28 22:34 - 2009-07-13 18:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2012-12-28 22:18 - 2012-12-28 20:37 - 00018370 ____A C:\Users\Vostro420\Desktop\attach.txt

2012-12-28 22:16 - 2012-12-28 22:16 - 00688992 ____R (Swearware) C:\Users\Vostro420\Downloads\dds.com

2012-12-28 22:09 - 2011-06-22 23:29 - 00039180 ____A C:\Windows\PFRO.log

2012-12-28 21:46 - 2012-12-28 21:46 - 00000000 ____D C:\_OTL

2012-12-28 21:36 - 2012-12-28 20:26 - 00077614 ____A C:\Users\Vostro420\Downloads\Extras.Txt

2012-12-28 21:05 - 2011-06-23 21:06 - 00001945 ____A C:\Windows\epplauncher.mif

2012-12-28 21:03 - 2012-12-28 21:03 - 00000000 ____D C:\Program Files\Microsoft Security Client

2012-12-28 21:03 - 2012-01-01 15:47 - 00000000 ____D C:\Windows\System32\appmgmt

2012-12-28 20:19 - 2012-12-28 20:19 - 00602112 ____A (OldTimer Tools) C:\Users\Vostro420\Downloads\OTL.exe

2012-12-28 20:05 - 2012-12-28 20:05 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\Malwarebytes

2012-12-28 20:05 - 2012-12-28 20:05 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-12-28 19:58 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore

2012-12-28 19:23 - 2011-06-23 00:37 - 00004856 ____A C:\Users\All Users\hpzinstall.log

2012-12-28 19:16 - 2012-12-27 22:46 - 00000000 ____D C:\Program Files\Common Files\PC Tools

2012-12-28 19:10 - 2011-06-23 00:24 - 00000000 ____D C:\Program Files\Common Files\ACD Systems

2012-12-28 19:07 - 2012-12-27 22:45 - 00000000 ____D C:\Users\All Users\PC Tools

2012-12-27 23:00 - 2012-12-27 23:00 - 01931088 ____A (Symantec Corporation) C:\Users\Vostro420\Downloads\FixTDSS.exe

2012-12-27 23:00 - 2012-12-27 23:00 - 00000000 ____D C:\Program Files\PC Tools

2012-12-27 22:47 - 2012-12-27 22:46 - 01524547 ____A C:\Windows\System32\Drivers\Cat.DB

2012-12-27 22:44 - 2012-12-27 22:44 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\TestApp

2012-12-27 22:43 - 2012-12-27 22:42 - 04166136 ____A (PC Tools) C:\Users\Vostro420\Downloads\spdoc.exe

2012-12-27 22:38 - 2012-12-27 22:38 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Vostro420\Downloads\tdsskiller.exe

2012-12-27 19:54 - 2012-12-27 19:54 - 00000000 ____D C:\Windows\pss

2012-12-27 12:24 - 2011-06-26 22:50 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\Skype

2012-12-22 09:29 - 2012-12-22 09:29 - 00122880 _RASH C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll

2012-12-21 03:20 - 2009-07-13 20:33 - 01761288 ____A C:\Windows\System32\FNTCACHE.DAT

2012-12-16 06:13 - 2012-12-21 03:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-16 06:13 - 2012-12-21 03:00 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-14 16:27 - 2011-06-22 23:05 - 00000000 ____D C:\Users\Vostro420\AppData\Local\Google

2012-12-13 08:25 - 2011-06-22 23:08 - 00002467 ____A C:\Users\Vostro420\Desktop\Google Chrome.lnk

2012-12-13 08:23 - 2012-12-13 08:23 - 00000000 ____D C:\Program Files\Common Files\Skype

2012-12-13 08:23 - 2011-06-26 22:48 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk

2012-12-13 08:23 - 2011-06-26 22:48 - 00000000 ___RD C:\Program Files\Skype

2012-12-13 08:23 - 2011-06-26 22:47 - 00000000 ____D C:\Users\All Users\Skype

2012-12-12 22:44 - 2011-06-23 00:08 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-12-12 22:39 - 2011-06-23 01:41 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-12-11 15:06 - 2012-07-02 09:06 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-12-11 15:06 - 2011-06-22 23:54 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-12-10 14:54 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF

2012-12-10 10:49 - 2012-12-10 10:48 - 00012800 ____A C:\Users\Vostro420\Downloads\bbc829aa9ef74e879b55048ec74287c5.xls

2012-12-03 05:37 - 2011-06-23 00:42 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\HpUpdate

2012-11-30 15:53 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 4094.99 MB

Available physical RAM: 3589.27 MB

Total Pagefile: 4093.27 MB

Available Pagefile: 3589.39 MB

Total Virtual: 2047.88 MB

Available Virtual: 1944.7 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:190.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive f: () (Removable) (Total:1.88 GB) (Free:1.62 GB) FAT

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (Data) (Fixed) (Total:931.51 GB) (Free:733.1 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 298 GB 1024 KB

Disk 2 Online 1922 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 931 GB 1024 KB

=========================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y Data NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 39 MB 31 KB

Partition 2 Primary 298 GB 40 MB

=========================================================

Disk: 1

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 1

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 298 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1921 MB 16 KB

=========================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FAT Removable 1921 MB Healthy

=========================================================

Last Boot: 2012-12-25 00:58

==================== End Of Log ============================


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt


start
HKU\Vostro420\...\Run: [fvsrrymfan] rundll32 "C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll",Mfhewg [122880 2012-12-22] ()
C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll
end

Now please enter System Recovery Options as you did to get the log.

Run FRST64 or FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next,

Download and save DDS to your Desktop from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

Double-click DDS to run the scan; Vista or Windows 7 users should accept the UAC alert.

There will be an alert that two logs will be saved to the Desktop: DDS.txt and Attach.txt.

Copy and paste those two logs into your reply when the scan is complete.

Post those 3 logs, let me know if any issues or concerns remain...

Kevin
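The fixlist in the post above targets one file and the Run value that loads it. As an added example (not part of the original post and not FRST's own logic), the Python below parses FRST file-listing and Run lines copied from this thread and flags files that share that file's traits; the trait list, the three-trait threshold and all function names are assumptions chosen for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# FRST file listing: "<date time> - <date time> - <size> <attrs> (<company>) <path>"
# The company field is optional; attrs is five characters drawn from _ R A S H D.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>[_RASHD]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# FRST registry line: "<hive>\...\Run: [<value>] <command> [<size> <date>] (<company>)"
RUN_RE = re.compile(
    r"^HK[^:]*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+) "
    r"\[(?P<size>\d+) \d{4}-\d{2}-\d{2}\] \([^)]*\)$"
)
# DLL path handed to rundll32, with or without surrounding quotes.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[A-Za-z]:\\[^",]+)', re.IGNORECASE)
EXEC_EXT = (".dll", ".exe", ".sys", ".scr", ".com")


class FileEntry(NamedTuple):
    size: int
    attrs: str
    company: Optional[str]
    path: str


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one FRST file-listing line; return None for anything else."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(int(m.group("size")), m.group("attrs"), m.group("company"), m.group("path"))


def file_reasons(entry: FileEntry) -> List[str]:
    """Traits shared with the file the fixlist removes (assumed heuristic)."""
    lower = entry.path.lower()
    if "D" in entry.attrs or not lower.endswith(EXEC_EXT):
        return []  # directories and non-executable files are out of scope
    reasons = []
    if not entry.company:
        reasons.append("no company name")
    if "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("hidden+system attributes")
    if "\\users\\" in lower:
        reasons.append("under a user profile")
    return reasons


def rundll32_target(line: str) -> Optional[Tuple[str, str, int]]:
    """Return (value name, DLL path, size) for a Run entry that launches rundll32."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    t = RUNDLL_RE.search(m.group("cmd"))
    if not t:
        return None
    return m.group("name"), t.group("dll"), int(m.group("size"))


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; a file needs at least three."""
    files: Dict[str, FileEntry] = {}
    autoruns: Dict[str, Tuple[str, int]] = {}
    for line in log_text.splitlines():
        entry = parse_file_line(line)
        if entry:
            files[entry.path.lower()] = entry
            continue
        target = rundll32_target(line)
        if target:
            autoruns[target[1].lower()] = (target[0], target[2])
    findings: Dict[str, List[str]] = {}
    for key, entry in files.items():
        reasons = file_reasons(entry)
        hit = autoruns.get(key)
        if hit and hit[1] == entry.size:  # same path and same size as the Run target
            reasons.append(f"autorun via rundll32: {hit[0]}")
        if len(reasons) >= 3:
            findings[entry.path] = reasons
    return findings


# Lines copied from the FRST log and fixlist in this thread.
SAMPLE = r"""
HKU\Vostro420\...\Run: [fvsrrymfan] rundll32 "C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll",Mfhewg [122880 2012-12-22] ()
2012-12-28 22:16 - 2012-12-28 22:16 - 00688992 ____R (Swearware) C:\Users\Vostro420\Downloads\dds.com
2012-12-27 22:44 - 2012-12-27 22:44 - 00000000 ____D C:\Users\Vostro420\AppData\Roaming\TestApp
2012-12-22 09:29 - 2012-12-22 09:29 - 00122880 _RASH C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll
2012-12-12 05:29 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-28 20:25 - 2012-12-28 22:58 - 00081472 ____A C:\Users\Vostro420\Downloads\OTL.Txt
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "=>", "; ".join(reasons))
```

A flagged entry is a lead for manual review, not a verdict; legitimate software can share any of these traits.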


Kevin,

MSE appears to be working fine and links in Google are now going to the correct places. Everything looks fine. Thanks for the help. Really appreciate it. Please find below the logs as requested.

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-12-2012

Ran by SYSTEM at 2012-12-29 13:08:45 Run:1

Running from F:\

==============================================

HKU\start\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\ Value not found.

HKEY_USERS\Vostro420\Software\Microsoft\Windows\CurrentVersion\Run\\fvsrrymfan Value deleted successfully.

HKU\HKU\Vostro420\...\Run: [fvsrrymfan] rundll32 "\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\fvsrrymfan Value not found.

HKU\C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll",Mfhewg [122880 2012-12-22] ()C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\fvsrrymfan Value not found.

C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll,Mfhewg [122880 2012-12-22] ()C:\Users\Vostro420\AppData\Roaming\bitsadmina.dll not found.

HKU\end\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\fvsrrymfan Value not found.

==== End of Fixlog ====

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457

Run by Vostro420 at 13:12:46 on 2012-12-29

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.1774 [GMT -8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AERTSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe

C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe

C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Siber Systems\GoodSync\GoodSync.exe

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Google Update] "c:\users\vostro420\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [GoodSync] "c:\program files\siber systems\goodsync\GoodSync.exe" /min

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [ToolboxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

mRun: [HP LaserJet Professional M1530 MFP Series Fax] c:\program files\hp\digital imaging\fax\fax driver 0.6 base\hppfaxprintersrv.exe "HP LaserJet Professional M1530 MFP Series Fax"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch

mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ACSW14EN] "c:\program files\acd systems\acdsee\14.0\ACDSeeInTouch2.exe" /pid ACSW14EN

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {1663ed6a-23eb-11d2-b92f-008048fdd814} - hxxps://vt.globalpay.com/admin/objects/smsx.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{8115AB82-A9F0-46A3-A2A9-974C3D20D46B} : DHCPNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]

R1 MpKsldb69a728;MpKsldb69a728;c:\programdata\microsoft\microsoft antimalware\definition updates\{069115c9-3316-447f-9303-5d8959b0a29b}\MpKsldb69a728.sys [2012-12-29 29904]

R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2011-6-22 81920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]

R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2011-7-1 18240]

R2 GsServer;GoodSync Server;c:\program files\siber systems\goodsync\Gs-Server.exe [2012-1-13 3002808]

R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]

R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2011-12-22 21320]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2009-11-3 14592]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-28 14848]

S3 Sage Simply Accounting Transaction Manager 2011 - CDN;Sage Simply Accounting Transaction Manager 2011 - CDN;c:\program files\winsim\transactionmanager2011 - cdn\Sage_SA.TransactionManager.exe [2011-6-7 46408]

S3 Sage Simply Accounting Transaction Manager 2012 - CDN;Sage Simply Accounting Transaction Manager 2012 - CDN;c:\program files\winsim\transactionmanager2012 - cdn\Sage_SA.TransactionManager.exe [2012-6-8 46440]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-28 49664]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-23 1343400]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2012-12-29 21:10:23 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{069115c9-3316-447f-9303-5d8959b0a29b}\MpKsldb69a728.sys

2012-12-29 17:56:16 -------- d-----w- C:\FRST

2012-12-29 05:46:43 -------- d-----w- C:\_OTL

2012-12-29 05:18:38 740840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8cb422e3-a101-48d4-ab39-85998eb0a70f}\gapaengine.dll

2012-12-29 05:18:33 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{069115c9-3316-447f-9303-5d8959b0a29b}\mpengine.dll

2012-12-29 05:03:06 -------- d-----w- c:\program files\Microsoft Security Client

2012-12-29 04:42:41 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2012-12-29 04:42:39 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{05855468-169c-405f-a34a-8cfdd478f971}\mpengine.dll

2012-12-29 04:05:22 -------- d-----w- c:\users\vostro420\appdata\roaming\Malwarebytes

2012-12-29 04:05:15 -------- d-----w- c:\programdata\Malwarebytes

2012-12-29 04:05:00 -------- d-----w- c:\users\vostro420\appdata\local\Programs

2012-12-29 03:51:38 247808 ----a-w- c:\windows\system32\schannel.dll

2012-12-29 03:51:37 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2012-12-29 03:51:37 220160 ----a-w- c:\windows\system32\ncrypt.dll

2012-12-29 03:51:37 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-12-29 03:51:37 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2012-12-29 03:51:35 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-12-28 07:00:19 -------- d-----w- c:\program files\PC Tools

2012-12-28 06:46:20 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2012-12-28 06:46:17 -------- d-----w- c:\program files\common files\PC Tools

2012-12-28 06:45:00 -------- d-----w- c:\programdata\PC Tools

2012-12-28 06:44:57 -------- d-----w- c:\users\vostro420\appdata\roaming\TestApp

2012-12-28 03:54:02 -------- d-----w- c:\windows\pss

2012-12-22 17:29:24 122880 --sha-r- c:\users\vostro420\appdata\roaming\bitsadmina.dll

2012-12-21 11:00:44 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 11:00:44 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 13:30:06 2345984 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-12-11 23:06:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 23:06:55 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll

2012-10-22 05:13:03 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-22 05:13:03 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe

2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

============= FINISH: 13:13:59.73 ===============

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 22/06/2011 11:43:34 PM

System Uptime: 29/12/2012 1:09:37 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0N185P

Processor: Intel® Core2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2328/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 190.729 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 733.094 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 7000 E809a

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 7000 E809a

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet M1536dnf MFP

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: Hewlett-Packard

Name: HP LaserJet M1536dnf MFP

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

7000E809a

7000E809a_eDocs

7000E809a_Help

ACDSee 14

Add or Remove Adobe Creative Suite 3 Design Premium

Adobe Acrobat 8 Professional

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Creative Suite 3 Design Premium

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash CS3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 9 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X (10.1.4)

Adobe Setup

Adobe SING CS3

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Version Cue CS3 Server

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

Bing Rewards Client Installer

BPDSoftware

BPDSoftware_Ini

BufferChm

D-Link SmartConsole Utility

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Resource CD

DeviceDiscovery

Dynex All-in-1 Card Reader

EST Desktop 2.0 2.0.1211.0.11

GoodSync

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

HP Customer Participation Program 14.0

HP FWUpdateEDO3

HP Imaging Device Functions 14.0

HP LaserJet Professional M1530 MFP Series

HP LJ M1530 MFP Series HP Scan

HP Officejet 7000 E809a Series

HP Photo Creations

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPDiagnosticAlert

HPLaserJetHelp_LearnCenter

HPLJUT

hppFaxDrvM1530

hppFaxUtilityM1530

hppLaserJetService

hppM1530LaserJetService

HPProductAssistant

hppSendFaxM1530

hppTLBXFXM1530

HPSSupply

hpzTLBXFX

I.R.I.S. OCR

Java Auto Updater

Java 6 Update 37

Logitech Webcam Software

MailingCheck

MarketResearch

MeadCo ScriptX (v7.0.0.8 (x86))

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook 2010

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Small Business 2007

Microsoft Office Word MUI (English) 2007

Microsoft Outlook 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyPhotoCreations

MySQL Connector/ODBC 3.51

Network

PDF Settings

Picasa 3

Polar Precision Performance SW

Polar WebLink 2.4.11

ProductContext

QNAP Finder

Realtek High Definition Audio Driver

RoboForm 7-8-4-7 (All Users)

Sage Download Manager

Sage Simply Accounting 2011

Sage Simply Accounting 2012

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

SendBlaster

Shop for HP Supplies

Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

Silicon Laboratories USBXpress Device (Driver Removal)

Skype Click to Call

Skype™ 6.0

SmartWebPrinting

SolutionCenter

Status

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

WeatherLink 5.9.2

WeatherLink 5.9.3

WebReg

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

29/12/2012 1:11:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

28/12/2012 7:07:18 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

28/12/2012 10:36:39 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

27/12/2012 7:58:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

27/12/2012 7:58:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

27/12/2012 7:57:45 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 7:53:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

27/12/2012 11:02:42 PM, Error: PCTCore [280] -

27/12/2012 10:28:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

27/12/2012 10:28:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

27/12/2012 10:28:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

27/12/2012 10:28:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

27/12/2012 10:28:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

27/12/2012 10:28:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

23/12/2012 2:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user FB-02-V420\Vostro420 SID (S-1-5-21-784824154-2186569503-2690575908-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================


Update Malwarebytes and run Quick scan, post that log...

Next,

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post logs from above scans, let me know if any remaining issues...

Kevin


Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.29.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Vostro420 :: FB-02-V420 [administrator]

Protection: Enabled

28/12/2012 8:06:24 PM

mbam-log-2012-12-28 (20-06-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211791

Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

# AdwCleaner v2.104 - Logfile created 12/29/2012 at 14:08:21

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (32 bits)

# User : Vostro420 - FB-02-V420

# Boot Mode : Normal

# Running from : C:\Users\Vostro420\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Vostro420\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2317 octets] - [29/12/2012 14:08:21]

########## EOF - C:\AdwCleaner[s1].txt - [2377 octets] ##########

Security Check is still running (now 5 minutes): "Performing System Health Check". I think it is hanging.


Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 37

Java version out of Date!

Adobe Flash Player 9 Flash Player out of Date!

Adobe Reader 10.1.4 Adobe Reader out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


OK, run the following:

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7, accept UAC.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop can be deleted.

Next,

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

Next,

Navigate Start > Computer > C:\ locate and delete FRST folder.

Next,

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

Untick the option for McAfee security scanner if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Go here www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.

There may be an offer of Google Chrome, untick those options if offered...

Next,

Your Java may be out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

Next,

Download TFC to your desktop from either of the following links:

http://oldtimer.geekstogo.com/TFC.exe

http://itxassociates.com/OT-Tools/TFC.exe

  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC, it is an excellent utility to run weekly to keep your system optimized. It empties all user temp folders, Java cache, etc. Always remember to re-boot after a run, even if not prompted.

Next,

Create a new restore point:

1. Right-click on Computer and go to Properties.

2. Next click on the System Protection link.

3. The System Properties dialog screen opens up and you will want to click on Create.

4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

5. You should see the message "The restore point was created successfully".

To remove all but the most recent restore point do the following:

1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

2. If prompted, select the drive that you want to clean up, and then click OK.

3. In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission is required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.

4. If prompted, select the drive that you want to clean up, and then click OK.

5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

6. In the Disk Cleanup dialog box, click Delete.

7. Click Delete Files, and then click OK. Re-Boot your PC.

Let me know if those steps complete, also if any remaining issues..

Kevin
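The update steps in the post above follow from the "out of Date!" flags in the Security Check log earlier in the thread. As an added example (not part of the original thread and not Security Check's own code), this Python sketch pulls those flags and any product listed with more than one version out of a saved log; the names `triage` and `ENTRY`, the abridged sample, and the assumption that a flag-only line refers to the entry just before it are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the Security Check log in this thread.
SAMPLE_LOG = """\
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 6 Update 37
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
"""

FLAG = "out of Date!"
# Product name, optional literal "version", then a version token ("6 Update 37", "10.1.4").
ENTRY = re.compile(
    r"^(?P<name>\D+?)\s+(?:version\s+)?(?P<ver>\d[\w.]*(?:\s+Update\s+\d+)?)")

def triage(log_text):
    """Return (outdated, multi_version) for the 'Other Utilities Check' section."""
    versions = defaultdict(list)  # product name -> versions, in listed order
    outdated = []                 # product names the tool flagged
    in_section, last = False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue              # the forum copy has blank lines between entries
        if line.startswith("`"):  # section banner such as ```Process Check```
            in_section = "Other Utilities Check" in line
            last = None
            continue
        if not in_section:
            continue
        m = ENTRY.match(line)
        if m:
            last = m.group("name")
            if m.group("ver") not in versions[last]:
                versions[last].append(m.group("ver"))
        # Assumption: a flag-only line ("Java version out of Date!") belongs
        # to the entry immediately before it.
        if line.endswith(FLAG) and last and last not in outdated:
            outdated.append(last)
    multi = {name: v for name, v in versions.items() if len(v) > 1}
    return outdated, multi
```

On the sample, `triage(SAMPLE_LOG)` reports Java, Adobe Flash Player and Adobe Reader as flagged and Google Chrome as listed with several versions, which is the list to work through in Programs and Features.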


OK, not sure what happened but IE9 is working again.

Everything appears to be working fine.

I wish to thank you for your help. You have been very helpful. I appreciate the methodical approach and clean up afterwards.

Given the failure to detect the malware from Malwarebytes and MSE, is there anything that will prevent future infections?

Cheers,

Rolf


Hiya Rolf,

My own security set up for Windows 7 is :- its own Firewall, Microsoft Security Essentials and Malwarebytes Pro. The Windows FW and MSE are free, the licence for Malwarebytes Pro is approx 20 GBP, the licence is for life, that will give realtime protection and auto updates. I also use a couple of addons for Firefox (my preferred browser) Adblock Plus, Web of Trust (WOT) and Ghostery. You may also want to consider WinPatrol, there is a free version available, you can read about it in the following closure:

If you have no remaining issues here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained here http://www.winpatrol.com/features.html

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

FireFox http://www.mozilla.com/en-US/,

Opera http://www.opera.com/, and

Chrome http://www.google.com/chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,

Yellow for caution, and

Red to stop.

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally, this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive, up-to-date list of free security programs, including antivirus, antispyware, firewall, antimalware, online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If all now ok can we close out your thread....

Take care,

Kevin


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.