
Apparently, the Trojans are having a family reunion and all of their friends and relatives have shown up and are having a party on my PC... It's now time for these guys to leave, and I need some expert assistance getting that done:

I was first attacked on January 29, and have evidence of the following "guests" on my computer:

  • Medfos.B
  • ZeroAccess.ia
  • Win32/Karagany.I
  • Win32/Fareit.gen!I
  • Win32/Sirefef!cfg
  • Win64/Sirefef.AE
  • Win32/Fareit
  • Win32/Uryusy.C
  • Win32/CeeInject.gen!HL
  • Exploit:Java/CVE-2013-0422
  • Exploit:Java/CVE-2013-0422.C
  • RDN/Generic Downloader.xlm
  • Fake-Alert-SecurityTool.ha
  • Medfos-FAVB!FBC80A1CA097
  • Medfos-FAVB!BFB50AF59AD5
  • Trojan.Ransom.NDF
  • Backdoor.Bot
  • Startnow Toolbar/startnow.com
  • FBI-MoneyPak

INCIDENT/ATTACK DETAILS:

Tuesday, January 29 2013 @ 1642 CST: Browsing in Chrome, I arrived @ designmodo.com (first time at that site). Prompted for permission to run Java, selected "Run this one time." Prompted to install a newer version of Adobe Flash, and selected 'yes.' (This was fake, and I should have known better.) Chrome behaved erratically for a few seconds, after which the FBI-MoneyPak page appeared. I shut down with Ctrl-Alt-Delete. Upon restart, McAfee notified detection and removal of ZeroAccess.ia.

SYSTEM ISSUES/SYMPTOMS:

  • Unable to activate Windows Firewall recommended settings (Windows Firewall can't change some of your settings. Error code 0x80070424)
  • Unable to start Windows Security Center Service
  • McAfee Firewall turns itself off every 20 minutes or so, and is sometimes difficult to turn back on.
  • Computer runs slow. Examples: A McAfee full scan initiated on 2/3 required 27 hours to complete. The DDS scan today required about four times longer to run than the one I ran a few days ago.
  • I've not had the opportunity yet to check out my installed applications, so don't know if there are any issues with those.

WHAT I HAVE (AND HAVE NOT) DONE SO FAR:

  • Have copied most of my data files to the cloud in preparation for cleaning my PC.
  • Most days, I have limited my time online to checking email and researching these issues. I did need to be online overnight while uploading my data files to the cloud (which required nearly 20 hours over a couple of days). Otherwise, I keep Chrome and IE closed and the power to the wireless router turned off.
  • Have used Internet Explorer 9 since the attack instead of the default browser, Chrome.
  • Ran several quick scans AND full scans with both McAfee VirusScan AND Microsoft Security Essentials, the initial scans occurring immediately (within 2 minutes) following the attack. Each program detects different infections each time, and several scans have been clean. Detections were quarantined, and some detections, but not all, were removed.
  • Visually reviewed every single file on the hard drive that was modified on 1/29/13 after the infection, finding numerous suspicious files (kept a log, but did not delete any files).
  • Installed, updated and ran Malwarebytes Anti-Malware several times. Different infections found on three occasions, and a couple scans were clean, including the most recent one.
  • Installed and ran RogueKiller, which found ZeroAccess among other issues: Did NOT delete any found items.
  • Disabled the StartNow extension in Chrome.
  • Uninstalled StartNow Toolbar in Windows
  • Java is out of date and was likely the vulnerability that allowed this attack. To date, I have not uninstalled, nor updated it.
  • I've kept logs and screenshots of most everything done since the infection began.
  • I normally reboot once each day and delete files in %temp% and the Recycle bin after restarting. I took a screenshot of today's temp files before deleting, as there were several that I thought were suspect.

After a good deal of research, I decided early on to request assistance here at Malwarebytes; I ran a DDS scan on 1/31/2013 and another one today. The dds.txt and attach.txt files from today's scan follow. Due to other commitments, this is my first opportunity for extended time to get this solved. I need guidance and assistance, as it is critical that I solve/clean this correctly. Thank you in advance for your assistance, and please let me know if there is anything else you require to get started.

~Karen

'Woe_is_Me_n_myPC'

DDS LOG 2/4/2013

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by Karen Diamond at 18:05:36 on 2013-02-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2241 [GMT -6:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

C:\Program Files\Logitech\ScrollApp\KhalScroll.exe

C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exe

C:\Program Files (x86)\Cox\Secure Online Backup for Windows\vewatch.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://lenovo.msn.com

uProxyOverride = 192.168.*.*;*.local

uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625085447.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} -

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Logitech Scroll App: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll

BHO: Softonic Helper Object: {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} -

TB: Softonic Toolbar: {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [skyDrive] "C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BI29JVB05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1

uRunOnce: [uninstall C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Online Backup Auto Update] "C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exe"

mRun: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Cox\Secure Online Backup for Windows\vewatch.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SECURE~1.LNK - C:\Windows\System32\schtasks.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{927AAC25-52C7-4C26-9BB2-44D644A5EFB8} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{927AAC25-52C7-4C26-9BB2-44D644A5EFB8}\C696E6B6379737F5B656C6C6F6577686 : DHCPNameServer = 192.168.254.254

TCP: Interfaces\{D2E38DC4-14B8-4C06-919A-DFB509A236E6} : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} -

Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli ACGina

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mWinlogon: Userinit = userinit.exe,

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625085447.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-BHO: Logitech Scroll App: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\LogiSmooth.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [AcWin7Hlpr] ABLER.EXE

x64-Run: [cssauth] T

x64-Run: [synTPEnh] H.EXE

x64-Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE

x64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE

x64-Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE

x64-Run: [LogiScrollApp] C:\Program Files\Logitech\ScrollApp\KhalScroll.exe

x64-Run: [EvtMgr6] G

x64-Run: [MSC] KEY

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - <orphaned>

x64-Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-10-15 771096]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-4-18 339776]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2009-10-9 23592]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-11-29 15472]

R2 FilesystemWatcher;Filesystem Watcher;C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2011-7-16 24576]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-10-4 50536]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-11-29 101736]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-10-4 74088]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-11-29 133992]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-27 201304]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-27 201304]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-27 201304]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-18 241016]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-18 218320]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-4-18 182312]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-9-13 229392]

R2 OnlineBackupSchedulerService;Online Backup Scheduler;C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exe [2011-7-17 24576]

R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2010-7-7 50696]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-11-29 145256]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-11-29 142696]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-27 2320920]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-27 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-27 158848]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-5-27 271872]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-4-18 309400]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-4-18 515528]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]

R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-12-9 25072]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 usbsmi;Integrated Camera;C:\Windows\System32\drivers\SMIksdrv.sys [2010-5-27 206080]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-27 201304]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 azvusb;Virtual USB Hub;C:\Windows\System32\drivers\azvusb.sys [2009-8-24 54784]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-4-18 69672]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-1-15 16776]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-1-15 9096]

S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-27 196440]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-4-18 106112]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

S3 PCTV340_801;YUAN based TV tuner device;C:\Windows\System32\drivers\dvb7700all.sys [2010-3-10 946176]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-5-27 75112]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-27 239136]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-14 1255736]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2011-8-18 29288]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2011-8-18 29288]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2011-8-18 29288]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2011-8-18 29288]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2011-8-18 29288]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

S4 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-2-8 77312]

.

=============== Created Last 30 ================

.

2013-02-04 23:21:02 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEC694FB-FFAA-4A80-A8AC-24F38FDE15DF}\mpengine.dll

2013-02-04 00:15:35 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-02-01 16:51:09 -------- d-----w- C:\Program Files (x86)\Belarc

2013-01-31 03:07:59 -------- d-----w- C:\Users\Christian\AppData\Roaming\Malwarebytes

2013-01-31 03:07:32 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-31 03:07:31 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-31 03:07:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-17 02:06:18 -------- d-----w- C:\Users\Christian\AppData\Roaming\CmapTools

2013-01-17 02:06:16 -------- d-----w- C:\Users\Christian\CmapToolsLogs

2013-01-17 02:04:11 -------- d-----w- C:\Program Files\IHMC CmapTools

2013-01-17 02:04:10 -------- d--h--w- C:\Program Files\Zero G Registry

2013-01-17 01:58:39 -------- d--h--w- C:\Users\Christian\InstallAnywhere

2013-01-16 18:02:01 -------- d-----w- C:\Users\Christian\AppData\Roaming\Blackboard

2013-01-09 12:09:41 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2013-01-09 12:09:39 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2013-01-09 12:09:39 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-01-09 12:09:38 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-01-09 12:09:14 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-09 12:09:14 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-09 12:09:12 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-01-09 12:09:12 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-01-09 12:09:09 800768 ----a-w- C:\Windows\System32\usp10.dll

2013-01-09 12:09:09 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2013-01-09 12:07:40 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-01-09 12:05:46 3149824 ----a-w- C:\Windows\System32\win32k.sys

2013-01-09 02:15:42 -------- d-----w- C:\Users\Christian\AppData\Roaming\Elluminate

.

==================== Find3M ====================

.

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-08 23:05:34 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-08 23:05:34 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-26 15:55:26 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2012-12-26 15:52:44 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2012-12-26 15:52:34 182312 ----a-w- C:\Windows\System32\mfevtps.exe

2012-12-26 15:51:34 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2012-12-26 15:51:24 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2012-12-26 15:50:48 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2012-12-26 15:49:42 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2012-12-26 15:49:00 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2012-12-26 15:48:30 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-08 17:29:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll

.

============= FINISH: 18:05:50.52 ===============

ATTACH.TXT 2/4/2013

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/13/2011 11:20:47 PM

System Uptime: 2/4/2013 3:07:15 PM (3 hours ago)

.

Motherboard: LENOVO | | 0578A25

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU 1 | 2266/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 297 GiB total, 159.524 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP246: 1/23/2013 9:01:12 AM - Windows Update

RP247: 1/27/2013 7:02:11 AM - Windows Update

RP248: 1/31/2013 10:03:13 AM - Windows Update

RP249: 2/3/2013 6:11:43 PM - Windows Update

.

==== Installed Programs ======================

.

Registry Patch to arrange icons in Device and Printers folder of Windows 7

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

64 Bit HP CIO Components Installer

ABC Inventory Software

Access Help

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Amazon Kindle

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AT&T Service Activation

AVG PC Tuneup 2011

Belarc Advisor 8.3

Bing Bar

Bing Rewards Client Installer

Bonjour

BufferChm

Burn.Now 4.5

Business Contact Manager for Outlook 2007 SP2

Canvas for Microsoft® OneNote® 2007

Celtx (2.9.1)

Cisco Connect

Client Security - Password Manager

Corel Burn.Now Lenovo Edition

Corel DVD MovieFactory 7

Corel DVD MovieFactory Lenovo Edition

Coupon Printer for Windows

Cox Secure Online Backup for Windows

Create Recovery Media

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

Direct DiscRecorder

DivX Setup

DocMgr

DocProc

EASEUS Partition Master 6.5.2 Home Edition

eReg

Evernote v. 4.5.8

Fax

FeedDemon

GIMP 2.8.2

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.2.0.952

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

HomyFads Wardrobe Manager 2.3

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP FWUpdateEDO2

HP Imaging Device Functions 13.0

HP Officejet 4500 G510n-z

HP Photo Creations

HP Photosmart 5510 series Basic Device Software

HP Photosmart 5510 series Help

HP Product Detection

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPProductAssistant

IBM Lotus Forms Viewer 3.5.1

IHMC CmapTools v5.05.01

Inkscape 0.48.2

Integrated Camera

Intel AppUp(SM) center

Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Internet TV for Windows Media Center

InterVideo WinDVD 8

IrfanView (remove only)

iTunes

Java 7 Update 9

Java Auto Updater

Java™ 6 Update 17 (64-bit)

Java™ 6 Update 24

JavaFX 2.1.1

Junk Mail filter update

Lenovo Auto Scroll Utility

Lenovo Patch Utility

Lenovo Patch Utility 64 bit

Lenovo Power Management Driver

Lenovo System Interface Driver

Lenovo System Update

Lenovo ThinkVantage Toolbox

Lenovo Warranty Information

Lenovo Welcome

Logitech Scroll App 3.0

Logitech SetPoint 6.32

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

McAfee Security Scan Plus

McAfee SecurityCenter

McAfee Virtual Technician

Message Center Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Runtime (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Small Business Connectivity Components

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Web Access S/MIME

Microsoft Outlook Web Access S/MIME (2007)

Microsoft Research AutoCollage Touch 2009

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

MindMaple Lite 1.23

Mobile Broadband Connect

MotoHelper MergeModules

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.2 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Network64

Nikon File Uploader 2

Nitro Reader 2

OCR Software by I.R.I.S. 13.0

On Screen Display

OpenOffice.org 3.2

Opera 12.00

PC Pitstop Exterminate2 2.0

PCTV Package - Windows Media Center

Picture Control Utility

PlayReady PC Runtime amd64

pptPlex from Microsoft Office Labs

PrimoPDF -- brought to you by Nitro PDF Software

QuickTime

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

Rescue and Recovery

Samsung Master

Samsung USB Driver

Scan

Screenpresso

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shared C Run-time for x64

SimpleDiagrams

Skype Click to Call

Skype™ 6.0

SmartWebPrinting

Softonic toolbar on IE and Chrome

SolutionCenter

Spyware Terminator

Status

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkVantage Access Connections

ThinkVantage Active Protection System

ThinkVantage Communications Utility

Todoist version 2.1

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

Verizon Wireless Mobile Broadband Self Activation

ViewNX 2

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

WebReg

WinAce Archiver

Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)

Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)

Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)

Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)

Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)

Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/10/2009 6.0.1.6000)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

2/4/2013 5:48:29 PM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.

2/4/2013 5:34:28 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

2/4/2013 5:21:09 PM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.

2/4/2013 5:21:09 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

2/4/2013 5:21:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

2/4/2013 5:21:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

2/4/2013 3:09:22 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/4/2013 3:08:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

2/4/2013 3:08:20 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

2/4/2013 3:08:14 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

2/4/2013 3:07:49 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

2/4/2013 3:07:44 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

2/4/2013 2:16:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user laptop\Karen Diamond SID (S-1-5-21-3141890560-1126282600-1657700442-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/4/2013 2:16:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user laptop\Karen Diamond SID (S-1-5-21-3141890560-1126282600-1657700442-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/4/2013 12:02:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

2/3/2013 6:20:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

2/3/2013 3:42:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

2/2/2013 5:57:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

2/2/2013 5:21:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

2/2/2013 4:18:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

2/1/2013 9:57:46 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

2/1/2013 9:53:21 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:53:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

2/1/2013 9:53:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

2/1/2013 9:52:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

2/1/2013 9:52:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

2/1/2013 9:50:00 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:48:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/1/2013 9:48:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/1/2013 9:48:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/1/2013 9:48:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/1/2013 9:48:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/1/2013 9:48:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/1/2013 9:48:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache lenovo.smi mfehidk MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vwififlt Wanarpv6 WfpLwf

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/1/2013 9:05:45 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.

2/1/2013 8:38:36 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

2/1/2013 10:13:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/31/2013 9:58:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/31/2013 9:58:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/31/2013 8:53:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/31/2013 7:08:04 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/31/2013 4:31:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/31/2013 2:09:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/31/2013 2:09:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/31/2013 10:09:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/31/2013 10:09:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/31/2013 10:05:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/30/2013 9:46:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/30/2013 9:44:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.

1/30/2013 9:17:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/30/2013 9:17:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/30/2013 6:40:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

1/29/2013 8:33:39 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

1/29/2013 4:52:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

.

==== End Of File ===========================

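The run of Service Control Manager 7001 errors in the DDS log above is a dependency cascade: most entries only say "The dependency service or group failed to start", and the useful triage question is which lower-level driver or service actually failed first. The following Python is an added example (not part of the original post or of DDS) that parses such 7001 lines, separates root failures from cascaded ones, and lists what each root failure took down; the sample lines are constructed to mirror the entries above, and the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the Service Control Manager [7001] entries in the DDS log.
SAMPLE_LOG = r"""
2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/1/2013 9:05:45 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
"""

# One DDS event line: "<date time>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>[\d/]+ [\d:]+ [AP]M), (?P<level>\w+): (?P<source>.+?) "
    r"\[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Message body of a 7001 event; service names are matched lazily up to the fixed wording.
DEP_RE = re.compile(
    r"^The (?P<service>.+?) service depends on the (?P<dependency>.+?) service "
    r"which failed to start because of the following error: (?P<error>.+?)\.?$"
)
# Error text that only means "something below me failed", not a failure of its own.
CASCADE = "The dependency service or group failed to start"


def parse_scm_dependency_failures(log_text):
    """Return (service, dependency, error) triples from every 7001 event in the log."""
    failures = []
    for line in log_text.splitlines():
        event = EVENT_RE.match(line.strip())
        if not event or event.group("event_id") != "7001":
            continue  # other sources (Disk, Antimalware, ...) are not dependency failures
        dep = DEP_RE.match(event.group("message"))
        if dep:
            failures.append((dep["service"], dep["dependency"], dep["error"]))
    return failures


def root_causes(failures):
    """Dependencies that failed for a reason of their own (any error other than the cascade text)."""
    return {dep: err for _svc, dep, err in failures if err != CASCADE}


def impacted_services(failures):
    """Map each root-cause dependency to every service that failed because of it, transitively."""
    dependents = defaultdict(set)  # dependency -> services that need it
    for svc, dep, _err in failures:
        dependents[dep].add(svc)
    result = {}
    for root in root_causes(failures):
        seen, stack = set(), [root]
        while stack:  # depth-first walk up the dependency tree
            node = stack.pop()
            for child in dependents[node]:
                if child not in seen:
                    seen.add(child)
                    stack.append(child)
        result[root] = seen
    return result


def unexplained_cascades(failures):
    """Dependencies blamed with the cascade text whose own failure never appears in the log."""
    explained = {svc for svc, _dep, _err in failures}
    return sorted({dep for _svc, dep, err in failures if err == CASCADE and dep not in explained})


if __name__ == "__main__":
    found = parse_scm_dependency_failures(SAMPLE_LOG)
    for root, downstream in impacted_services(found).items():
        print(f"ROOT FAILURE: {root} -> took down {len(downstream)}: {sorted(downstream)}")
    print("no root failure logged for:", unexplained_cascades(found))
```

On the sample, the McAfee driver mfehidk and two Windows networking drivers come out as the root failures, while the Network Store Interface and Server services are flagged as cascades whose own failure is not in the log; that is the short list a responder would investigate next rather than the nine individual errors.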

I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Well you certainly seem to have the motherlode of infections here.

Do you have your Windows disc handy? Some of those infections are backdoors and could have compromised your computer.

=====

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

In your reply please provide the contents of the following:

  • ComboFix.txt.
  • Both MBAR logs.


Hello, DarkKnight, thank you for your reply and assistance.

TheDarkKnight, on 04 February 2013 - 11:06 PM, said: Do you have your Windows disc handy? Some of those infections are backdoors and could have compromised your computer.

To answer your question, I do have three recovery discs and a boot disc on DVD. Of course I have no actual Windows installation discs (haven't seen any of those for years), due to the pre-installed OS on this laptop.

Meanwhile, I ran ComboFix first, and then MBAR. Surprisingly, the MBAR result was no malware found, and indicated no cleanup was needed.

Issues with ComboFix: A pre-scan warning dialog indicated two copies each of McAfee AV and Microsoft Security Essentials were enabled and running, when I had actually disabled both. I double-checked both apps, which were indeed disabled, and even used Task Manager, viewing all users, to figure out exactly what was running. (Found only McAfee processes, no MSE processes.) After several attempts to end processes or stop services on a number of McAfee-related items (Operation could not be completed, Access denied), I gave up, unable to kill them all. ComboFix Warning dialog: Real time scanners still active - CF shall continue to run....be advised at your own risk. I proceeded with the scan. Note, the MBAM log from yesterday also indicated AV software was running, when I had in fact disabled RT scanning in both. So that issue remains a mystery.

ComboFix ran nearly 20 minutes, then restarted my machine. No other issues.

Spoke too soon..... while attaching the log files, I received two BSODs: 'Workerthread returned at Bad IRQL'. Saved the problem signatures if you need them. Meanwhile, am trying for a third time to attach the CF and MBAR logs.

Awaiting your next directive, DarkKnight. Thank you!

~Karen

Woe_is_Me_n_myPC

ComboFix and MBAR logs attached

ComboFix.txt

mbar-log-2013-02-05 (13-00-58).txt

system-log.txt


Good afternoon Woe_is_Me_n_myPC,

To answer your question, I do have three recovery discs and a boot disc on DVD. Of course I have no actual Windows installation discs (haven't seen any of those for years), due to the pre-installed OS on this laptop.

OK well time to take the infections out, one by one.

I see you have the Softonic Toolbar installed. It has been known to exhibit suspicious behaviour (please see here for more information). I recommend removing it.

I notice that you are running multiple antivirus programs:

  • McAfee
  • Microsoft Security Essentials

Running multiple antivirus programs is dangerous because the programs can conflict with each other and actually reduce your security. I recommend removing McAfee and keeping Microsoft Security Essentials as your antivirus program.

Please go to Start>Control Panel>Programs and uninstall the following programs:

  • McAfee Antivirus
  • Softonic Toolbar

Please restart your computer after these program removals.

=====

Also, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


Hello DarkKnight,

  • Uninstalled Softonic, which I intended to do anyway...don't need or want. Q - On that topic, may I go ahead and uninstall the Bing Toolbar as well? (Was not aware it was on my system.)
  • Uninstalled McAfee Security Center, but left McAfee Site Advisor on, as it turned out to be a separate module with a separate uninstall option. Please advise if this is okay.
  • Also uninstalled an older, abandoned (non-running) version of McAfee Security Scan Plus.

Thanks for the tip on retaining Microsoft Security Essentials...I intended to ask you which one I ought to keep anyway. Since the infection occurred, I have run both programs (despite knowing I should not!), but they were each detecting different infections and I was trying to capture everything possible.

OTL logs follow, perhaps in two posts, as you suggested.

I'll stand by for a short while in case you reply, otherwise I'll resume work in 7-8 hours or so.

Thanks,

~Karen

Woe_is_Me_n_myPC

OTL logfile created on: 2/6/2013 12:44:18 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 51.26% Memory free

7.60 Gb Paging File | 5.56 Gb Available in Paging File | 73.14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 296.92 Gb Total Space | 158.36 Gb Free Space | 53.33% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Karen Diamond | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/06 00:35:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe

PRC - [2012/11/16 10:39:10 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE

PRC - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE

PRC - [2011/11/04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2011/07/12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe

PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2010/07/27 12:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

PRC - [2010/07/27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe

PRC - [2010/03/01 12:31:32 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

PRC - [2010/03/01 12:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

PRC - [2010/03/01 12:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

PRC - [2010/03/01 12:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

PRC - [2009/11/03 22:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/11/03 22:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/13 00:44:42 | 000,229,392 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2012/04/11 15:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)

SRV:64bit: - [2011/09/27 13:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)

SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV:64bit: - [2010/07/27 12:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)

SRV:64bit: - [2010/07/27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)

SRV:64bit: - [2009/10/09 13:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)

SRV:64bit: - [2009/09/21 17:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2009/09/21 17:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/01/12 12:35:33 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/01/08 17:05:35 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/11/23 15:20:54 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/06/15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)

SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/07/17 00:06:32 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exe -- (OnlineBackupSchedulerService)

SRV - [2011/07/16 23:59:02 | 000,024,576 | ---- | M] (DigiData Corp.) [Auto | Running] -- C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe -- (FilesystemWatcher)

SRV - [2011/05/20 17:01:33 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/01 12:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)

SRV - [2010/03/01 12:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2010/01/05 12:12:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2009/11/03 22:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2009/11/03 22:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/10/21 12:50:02 | 000,077,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/04/11 15:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/26 19:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)

DRV:64bit: - [2011/09/02 00:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011/09/02 00:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/12/09 16:52:42 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020101}_0)

DRV:64bit: - [2010/11/29 04:23:18 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/19 17:02:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)

DRV:64bit: - [2010/11/19 17:02:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)

DRV:64bit: - [2010/11/19 17:02:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)

DRV:64bit: - [2010/11/19 17:02:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)

DRV:64bit: - [2010/11/19 17:02:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)

DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)

DRV:64bit: - [2010/07/15 08:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)

DRV:64bit: - [2010/07/15 08:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)

DRV:64bit: - [2010/07/07 10:26:46 | 000,050,696 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)

DRV:64bit: - [2010/04/22 23:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/03/10 13:36:54 | 000,946,176 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvb7700all.sys -- (PCTV340_801)

DRV:64bit: - [2010/03/10 13:36:54 | 000,946,176 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvb7700all.sys -- (mod7700)

DRV:64bit: - [2010/02/08 06:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/01/07 12:51:38 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/01/06 06:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/01/05 12:12:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)

DRV:64bit: - [2009/10/26 15:06:18 | 000,206,080 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)

DRV:64bit: - [2009/10/09 13:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)

DRV:64bit: - [2009/10/09 13:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)

DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/09/15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)

DRV:64bit: - [2009/08/24 09:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)

DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\..\SearchScopes\{BC3FA9F5-3E72-4774-BD60-286EF9A8F7B8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{01FD8782-EAB1-4421-A9BC-6AFE864B9BC8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {A2053CA9-89A8-4ACB-95C8-F69E86A27C55}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60446

IE - HKCU\..\SearchScopes\{1EFF7ECB-05A9-4E61-A43C-5E70F1E5643B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8

IE - HKCU\..\SearchScopes\{389A7F9C-4701-4590-8C7F-EE9C475B0F28}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKCU\..\SearchScopes\{4A0FE87B-3640-4E2A-A237-645B533666F4}: "URL" = http://search.softonic.com/MON00086/tb_v1?q={searchTerms}&SearchSource=4&cc=

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={36F06055-0672-4752-A82D-21D851DBFC15}&mid=74ae845516a047d68bcb1943ef772fe1-943ad73ac82dc575a21ec82be29eb80d936eaee7&lang=en&ds=AVG&pr=fr&d=2012-01-20 13:21:31&v=10.0.0.7&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{A2053CA9-89A8-4ACB-95C8-F69E86A27C55}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADRA_en

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )

FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\ScrollApp\LogiSmoothFirefoxExt [2011/11/21 08:14:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/14 13:20:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/13 14:51:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/02 12:31:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/12 12:34:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/02 12:31:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/12 12:34:53 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/01/09 09:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions

[2012/01/09 09:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\celtx@celtx.com

[2012/03/16 14:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npProductDetectPlugin.dll

CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npAclmPlugin.dll

CHR - plugin: HP Pit Plugin (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npPitPlugin.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: AppUp (Disabled) = C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll

CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll

CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: HP Product Detection Plugin = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\

CHR - Extension: Slinky Elegant = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\

CHR - Extension: Adblock Plus = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\

CHR - Extension: DoNotTrackMe = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\

CHR - Extension: SiteAdvisor = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\

CHR - Extension: Logitech Scroll App = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi\3.0.29_1\

CHR - Extension: Mind42 = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icodbndgedclejcmgnjfigcclgafddhh\2.0_0\

CHR - Extension: Skype Click to Call = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

CHR - Extension: Ghostery = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\

CHR - Extension: Do It (Tomorrow) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo\1.1.0_0\

CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Vyew = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogcldakngnllchlnncngiailfhidjjdp\4.11.0_0\

O1 HOSTS File: ([2013/02/05 11:16:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2:64bit: - BHO: (Logitech Scroll App) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\LogiSmooth.dll (Logitech, Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL File not found

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Logitech Scroll App) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll (Logitech, Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AcWin7Hlpr] ABLER.EXE File not found

O4:64bit: - HKLM..\Run: [cssauth] T File not found

O4:64bit: - HKLM..\Run: [EvtMgr6] G File not found

O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found

O4:64bit: - HKLM..\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found

O4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Program Files\Logitech\ScrollApp\KhalScroll.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MSC] KEY File not found

O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found

O4:64bit: - HKLM..\Run: [synTPEnh] H.EXE File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()

O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exe ()

O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Cox\Secure Online Backup for Windows\vewatch.exe (DigiData Corp.)

O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - HKCU..\Run: [skyDrive] C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secure Online Backup.lnk = C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927AAC25-52C7-4C26-9BB2-44D644A5EFB8}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2E38DC4-14B8-4C06-919A-DFB509A236E6}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\belarc - No CLSID value found

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Handler\x-excid - No CLSID value found

O18:64bit: - Protocol\Handler\x-owacid - No CLSID value found

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll File not found

O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/06 00:35:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe

[2013/02/05 11:51:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\mbar-1.01.0.1017

[2013/02/05 11:28:08 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/02/05 11:19:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/02/05 10:57:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/02/05 10:57:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/02/05 10:57:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/02/05 10:31:31 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/02/05 10:31:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/02/05 10:20:20 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe

[2013/02/05 09:06:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\GETWELLSOON

[2013/02/04 18:04:45 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\first

[2013/02/04 17:29:52 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Christian\Desktop\dds.com

[2013/02/04 15:15:37 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\temp1515

[2013/02/02 18:46:30 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Desktop Organization

[2013/02/02 18:10:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\__Shortcuts to Sort

[2013/02/01 10:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc

[2013/02/01 10:29:07 | 010,749,984 | ---- | C] (McAfee Inc.) -- C:\Users\Christian\Desktop\Stinger.exe

[2013/01/31 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\RK_Quarantine

[2013/01/30 21:07:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes

[2013/01/30 21:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/01/30 21:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/01/30 21:07:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/01/30 21:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/01/30 19:42:05 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\___________suspect

[2013/01/30 18:14:09 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.70.0.1100.exe

[2013/01/16 20:06:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\My Cmaps

[2013/01/16 20:06:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\CmapTools

[2013/01/16 20:06:16 | 000,000,000 | ---D | C] -- C:\Users\Christian\CmapToolsLogs

[2013/01/16 20:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools

[2013/01/16 20:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\IHMC CmapTools

[2013/01/16 20:04:10 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry

[2013/01/16 19:58:39 | 000,000,000 | -H-D | C] -- C:\Users\Christian\InstallAnywhere

[2013/01/16 12:02:01 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Blackboard

[2013/01/12 12:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2013/01/09 06:09:14 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/01/09 06:09:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/01/09 06:09:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013/01/09 06:09:09 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2013/01/09 06:08:47 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/01/09 06:08:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/01/09 06:08:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs

[2013/01/09 06:08:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs

[2013/01/09 06:08:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/01/09 06:08:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs

[2013/01/09 06:08:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/01/09 06:08:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs

[2013/01/09 06:08:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/01/09 06:08:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs

[2013/01/09 06:08:44 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/01/09 06:08:44 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs

[2013/01/09 06:08:44 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/01/09 06:08:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/01/09 06:08:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs

[2013/01/09 06:08:42 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs

[2013/01/09 06:08:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs

[2013/01/09 06:08:40 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll

[2013/01/09 06:08:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/01/09 06:08:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs

[2013/01/09 06:08:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/01/09 06:08:39 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2013/01/09 06:08:39 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/01/09 06:08:39 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/01/09 06:08:32 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/01/09 06:08:32 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs

[2013/01/09 06:08:32 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs

[2013/01/09 06:08:31 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/01/09 06:08:31 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs

[2013/01/09 06:08:31 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/01/09 06:08:31 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs

[2013/01/09 06:08:31 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/01/09 06:08:08 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

[2013/01/09 06:07:40 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/01/09 06:07:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/01/09 06:07:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/01/09 06:07:35 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/01/09 06:07:34 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/01/09 06:07:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/01/09 06:07:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/01/09 06:07:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/01/09 06:07:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/01/09 06:07:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/01/09 06:07:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/09 06:07:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/09 06:07:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/09 06:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/09 06:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/09 06:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/09 06:07:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/09 06:07:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/09 06:07:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/09 06:07:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/09 06:07:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/09 06:07:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/09 06:07:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/09 06:07:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/09 06:07:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/09 06:07:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/09 06:07:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/09 06:07:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/09 06:07:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/09 06:07:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/09 06:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/09 06:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/09 06:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/09 06:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/09 06:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/09 06:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/09 06:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/09 06:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/09 06:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/09 06:07:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/09 06:07:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/09 06:07:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/09 06:07:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/09 06:07:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/09 06:07:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/09 06:07:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/09 06:07:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/09 06:07:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/09 06:07:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/09 06:07:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/09 06:07:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/09 06:07:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/09 06:07:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/09 06:07:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/09 06:07:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/09 06:07:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/09 06:07:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/09 06:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/09 06:07:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/09 06:07:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/09 06:07:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/09 06:07:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/09 06:07:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/01/09 06:07:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/01/09 06:07:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/09 06:07:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/09 06:07:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/09 06:07:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/09 06:07:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/01/08 20:15:42 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Elluminate

[2 C:\Users\Christian\Desktop\*.tmp files -> C:\Users\Christian\Desktop\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/06 00:50:18 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2013/02/06 00:43:28 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/06 00:43:28 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/06 00:38:22 | 000,792,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/02/06 00:38:22 | 000,671,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/02/06 00:38:22 | 000,124,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/02/06 00:37:16 | 000,001,307 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

[2013/02/06 00:35:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe

[2013/02/06 00:34:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/06 00:34:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/06 00:30:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/06 00:30:13 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/06 00:15:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job

[2013/02/06 00:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/05 15:18:03 | 537,549,394 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/02/05 11:16:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/02/05 10:20:23 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe

[2013/02/05 09:29:12 | 013,562,257 | ---- | M] () -- C:\Users\Christian\Desktop\mbar-1.01.0.1017.zip

[2013/02/04 17:30:15 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Christian\Desktop\dds.com

[2013/02/04 09:45:59 | 000,487,100 | ---- | M] () -- C:\Users\Christian\Documents\bookmarks_2_4_13.html

[2013/02/04 09:37:21 | 000,065,249 | ---- | M] () -- C:\Users\Christian\Documents\bookmark.htm

[2013/02/01 10:51:11 | 000,002,103 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk

[2013/02/01 10:29:08 | 010,749,984 | ---- | M] (McAfee Inc.) -- C:\Users\Christian\Desktop\Stinger.exe

[2013/01/30 21:07:33 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/30 18:16:18 | 000,768,512 | ---- | M] () -- C:\Users\Christian\Desktop\RogueKiller.exe

[2013/01/30 18:14:24 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.70.0.1100.exe

[2013/01/29 22:16:15 | 000,007,623 | ---- | M] () -- C:\Users\Christian\AppData\Local\resmon.resmoncfg

[2013/01/20 20:24:02 | 004,656,329 | ---- | M] () -- C:\Users\Christian\Desktop\windows_phone_8x_by_htc_manual.pdf

[2013/01/16 20:06:11 | 000,001,970 | ---- | M] () -- C:\Users\Christian\.powerupdate.user.properties

[2013/01/13 08:56:45 | 000,002,125 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

[2013/01/10 05:32:02 | 005,038,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/01/08 17:05:34 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/01/08 17:05:34 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/01/08 07:35:04 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2 C:\Users\Christian\Desktop\*.tmp files -> C:\Users\Christian\Desktop\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/05 10:57:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/02/05 10:57:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/02/05 10:57:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/02/05 10:57:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/02/05 10:57:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/02/05 09:29:05 | 013,562,257 | ---- | C] () -- C:\Users\Christian\Desktop\mbar-1.01.0.1017.zip

[2013/02/04 09:45:57 | 000,487,100 | ---- | C] () -- C:\Users\Christian\Documents\bookmarks_2_4_13.html

[2013/02/04 09:37:21 | 000,065,249 | ---- | C] () -- C:\Users\Christian\Documents\bookmark.htm

[2013/02/01 10:51:11 | 000,002,103 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk

[2013/02/01 10:51:11 | 000,002,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk

[2013/01/30 21:07:33 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/30 18:15:53 | 000,768,512 | ---- | C] () -- C:\Users\Christian\Desktop\RogueKiller.exe

[2013/01/20 20:23:56 | 004,656,329 | ---- | C] () -- C:\Users\Christian\Desktop\windows_phone_8x_by_htc_manual.pdf

[2013/01/16 20:06:11 | 000,001,970 | ---- | C] () -- C:\Users\Christian\.powerupdate.user.properties

[2013/01/15 20:39:37 | 000,002,851 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Performance, Learning, Leadership, & Knowledge Site.lnk

[2012/11/07 14:32:10 | 000,000,848 | ---- | C] () -- C:\Users\Christian\AppData\Local\recently-used.xbel

[2012/07/26 16:14:21 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2012/07/02 12:11:47 | 000,204,982 | ---- | C] () -- C:\Windows\hpwins28.dat

[2012/07/02 12:11:47 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat

[2012/07/01 15:17:30 | 000,207,571 | ---- | C] () -- C:\Windows\hpwins28.dat.temp

[2012/07/01 15:17:30 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp

[2011/11/18 17:15:24 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/11/18 17:15:24 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/11/18 17:15:24 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\vidccleaner.exe

[2011/11/11 09:24:09 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\customDictionary.lex

[2011/08/21 19:37:17 | 000,033,134 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\UserTile.png

[2011/03/21 14:09:49 | 000,013,776 | ---- | C] () -- C:\Windows\SysWow64\SDEarlyDelete.exe

[2011/03/21 14:09:49 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\SDEarlyDelete.ini

[2011/03/21 14:09:45 | 000,000,104 | ---- | C] () -- C:\Windows\SysWow64\ProxySettings.ini

[2011/03/21 14:09:44 | 000,000,006 | ---- | C] () -- C:\Windows\SysWow64\PSLog.ini

[2011/03/21 14:09:43 | 000,004,977 | ---- | C] () -- C:\Windows\SysWow64\DEFAULT.INI

[2011/03/21 14:09:43 | 000,000,175 | ---- | C] () -- C:\Windows\SysWow64\MAIL.INI

[2011/03/21 14:09:43 | 000,000,174 | ---- | C] () -- C:\Windows\SysWow64\LiveUpdate.ini

[2011/03/21 14:09:43 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\ManagementConsole.ini

[2011/03/21 14:09:43 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\COUNTER.INI

[2011/03/21 14:09:43 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\SessionDetails.ini

[2011/02/20 17:47:51 | 000,038,438 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Comma Separated Values (Windows).ADR

[2011/02/16 22:02:51 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Analog Sync

[2011/02/16 22:02:51 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Ambient

[2011/02/16 22:02:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT

[2011/02/16 22:02:51 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Examples

[2011/02/16 22:02:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Animals

[2011/02/16 22:02:50 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Analog Mono

[2011/02/16 22:02:50 | 000,000,012 | RH-- | C] () -- C:\ProgramData\External Build System

[2011/02/16 19:15:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT

[2011/02/11 21:45:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard

[2011/02/11 21:45:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sports

[2011/02/11 21:45:33 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Spacious

[2011/02/11 21:45:33 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Space Choir

[2011/02/11 21:45:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT

[2011/02/11 21:45:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT

[2011/02/11 21:45:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Speech Enhancer

[2011/02/11 21:45:32 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Soundtrack

[2011/02/11 21:45:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT

[2011/02/09 22:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

[2011/01/15 10:01:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/01/14 21:34:33 | 000,007,623 | ---- | C] () -- C:\Users\Christian\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2009/07/24 11:28:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2013/02/05 11:28:06 | 000,029,821 | ---- | M] () -- C:\ComboFix.txt

[2013/02/06 00:30:13 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys

[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2013/02/06 00:30:15 | 4081,639,424 | -HS- | M] () -- C:\pagefile.sys

[2010/05/27 23:19:24 | 000,003,065 | ---- | M] () -- C:\RHDSetup.log

[2010/05/27 23:18:00 | 000,000,205 | ---- | M] () -- C:\setup.log

[2011/02/14 12:44:13 | 000,758,052 | ---- | M] () -- C:\sma.txt

[2011/01/15 14:28:12 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat

[2009/08/26 16:31:50 | 000,644,096 | ---- | M] () -- C:\tvtpwm_message_hook.dll

[2012/03/16 14:29:49 | 000,000,109 | ---- | M] () -- C:\user.js

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

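Two parts of the log above are easier to reason about with a little code than by eye: the file-listing sections (a timeline, once the `[timestamp | size | flags | C/M] (company) -- path` lines are parsed) and the ZeroAccess Check, where OTL prints the machine-wide InProcServer32 registrations for CLSIDs that ZeroAccess variants were known to hijack alongside any per-user ones. The Python below is an added example, not code from the poster, from OTL or from Malwarebytes. It assumes the line formats exactly as they appear in this log, takes the incident window from the first post (16:42 on 29 January through the OTL run), and appends one constructed HKCU line with a hypothetical DLL path to show what a hit would look like; the log itself lists those HKCU keys without a default value, so nothing is reported from it.

```python
"""Triage helpers for a pasted OTL log (added example; not OTL's or Malwarebytes' code)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# One OTL file-listing line (format inferred from the log above), e.g.
# [2013/02/05 10:57:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Registry key and default-value lines as printed in the "ZeroAccess Check" section.
KEY_LINE = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<key>.+?\\InProcServer32)\]( /64)?$")
VALUE_LINE = re.compile(r'^"" = (?P<dll>.+?) -- \[')

EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".cpl", ".acm", ".ocx")
# Incident window from the first post: attack at 16:42 on 2013-01-29, OTL run on 2013-02-06.
INCIDENT_WINDOW = (datetime(2013, 1, 29, 16, 42), datetime(2013, 2, 7))


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str              # R/H/S/D flags exactly as OTL prints them
    kind: str               # "C" = created-within-30-days line, "M" = modified line
    company: Optional[str]  # None when OTL printed "()" or no company at all
    path: str

    @property
    def is_exec(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)


def parse_entries(text: str) -> List[Entry]:
    """Every file-listing line in the text; headers, registry and summary lines are skipped."""
    out: List[Entry] = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            out.append(Entry(ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                             size=int(m["size"].replace(",", "")),
                             attrs=m["attrs"], kind=m["kind"],
                             company=(m["company"] or "").strip() or None,
                             path=m["path"].strip()))
    return out


def review_candidates(entries: List[Entry], start: datetime, end: datetime) -> List[str]:
    """Executables created inside the window with no company name: a review queue, not a verdict."""
    return sorted(e.path for e in entries
                  if e.kind == "C" and e.is_exec and e.company is None and start <= e.ts <= end)


def bursts(entries: List[Entry], min_files: int = 2) -> Dict[datetime, List[str]]:
    """Paths created in the same second; a tool install and a malware drop both look like this."""
    by_ts: Dict[datetime, List[str]] = {}
    for e in entries:
        if e.kind == "C":
            by_ts.setdefault(e.ts, []).append(e.path)
    return {ts: p for ts, p in by_ts.items() if len(p) >= min_files}


def hkcu_clsid_overrides(text: str) -> List[str]:
    """Per-user InProcServer32 defaults from the ZeroAccess Check section.

    HKEY_CLASSES_ROOT merges HKCU\\Software\\Classes ahead of HKLM, so a per-user default for a
    machine CLSID is the DLL that really loads; that is how ZeroAccess got its DLL into whatever
    used those COM objects. A bare HKCU key line with no "" value (as in the log) is not reported.
    """
    hits: List[str] = []
    current = None
    for line in text.splitlines():
        k = KEY_LINE.match(line.strip())
        if k:
            current = (k["hive"], k["key"])
            continue
        v = VALUE_LINE.match(line.strip())
        if v and current and current[0] == "HKEY_CURRENT_USER":
            hits.append(f"{current[1]} -> {v['dll']}")
    return hits


# Lines copied verbatim from the OTL log in the post above.
LOG_EXCERPT = r"""
[2013/02/05 10:57:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/05 10:57:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/05 10:57:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/05 10:57:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/05 11:19:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/30 18:15:53 | 000,768,512 | ---- | C] () -- C:\Users\Christian\Desktop\RogueKiller.exe
[2013/01/09 06:08:08 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/02/06 00:30:13 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"""
# CONSTRUCTED, not from the log: what a per-user hijack of that CLSID would look like.
CONSTRUCTED_HIJACK = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\ProgramData\hypothetical-hijack.dll -- [2013/01/29 16:45:00 | 000,051,200 | ---- | M] ()
"""
```

Run against the full pasted log rather than the excerpt, `review_candidates` returns PEV.exe, MBR.exe, sed.exe, grep.exe, zip.exe and RogueKiller.exe. The first five share their creation second (10:57:36 on 5 February) with SWREG.exe and NIRCMD.exe, and C:\Qoobox appeared at 10:31 the same morning, which places them with the ComboFix run rather than with 29 January; that same-second grouping is what `bursts` is for, and it is why the flagged list is a review queue and not a finding.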

DarkKnight....Second OTL log:

OTL Extras logfile created on: 2/6/2013 12:44:18 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 51.26% Memory free

7.60 Gb Paging File | 5.56 Gb Available in Paging File | 73.14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 296.92 Gb Total Space | 158.36 Gb Free Space | 53.33% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Karen Diamond | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{45A550D7-4565-45DA-8D69-1F6C3C7F3DC0}C:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |

"TCP Query User{6753D0B3-D632-49D7-892B-141B90A44A77}C:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |

"UDP Query User{1F2F0C99-06FE-4EC7-AE26-C55E17E28BF9}C:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |

"UDP Query User{BE5D426A-4F99-42D4-AB7A-7D0513A90137}C:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java 6 Update 17 (64-bit)

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit

"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager

"{424E8E17-A7B7-45B5-8C79-D58F04D9D920}" = HP Photosmart 5510 series Basic Device Software

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C30BB9AD-F9E4-4506-B416-57C03702998D}" = Nitro Reader 2

"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DD2AFE07-5DA8-41E9-BB2B-FF0A91A4EB76}" = PCTV Package - Windows Media Center

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)

"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)

"3512AA88B7C41B232F5FF5219DFEEDB41AFC3AEA" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/10/2009 6.0.1.6000)

"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)

"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)

"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)

"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)

"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

"GIMP-2_is1" = GIMP 2.8.2

"HP Document Manager" = HP Document Manager 2.0

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Smart Web Printing" = HP Smart Web Printing 4.51

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"IHMC CmapTools v5.05.01" = IHMC CmapTools v5.05.01

"LENOVO.SMIIF" = Lenovo System Interface Driver

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"OnScreenDisplay" = On Screen Display

"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox

"Power Management Driver" = Lenovo Power Management Driver

"ProInst" = Intel PROSet Wireless

"Sn1" = Logitech Scroll App 3.0

"sp6" = Logitech SetPoint 6.32

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility

"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 24

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection

"{4FCAA65E-086D-4D49-A292-A5E764667263}" = pptPlex from Microsoft Office Labs

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media

"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7

"{512FA709-D3E8-4094-A1B5-39A2A08A8400}" = Microsoft Outlook Web Access S/MIME (2007)

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2

"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{630251F6-D575-4FCC-94B8-ABCEFB77A15F}" = Canvas for Microsoft® OneNote® 2007

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6CEFBCFC-602C-492B-A9AE-DFCA56A58FFE}" = ABC Inventory Software

"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver

"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections

"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5.1

"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master

"{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1" = Todoist version 2.1

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{BBF08789-06CB-4D2F-9330-CD617AFDE528}" = Fax

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2

"{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8

"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Help

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E173E4C5-FB43-4B3E-AC08-CCCE4CE54825}" = Cox Secure Online Backup for Windows

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EC8B14A3-923A-2C8A-912D-033D24DB28D6}" = SimpleDiagrams

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"{F4BD11FE-8C8E-4FB8-826E-D3FDBF1CF037}" = Mobile Broadband Connect

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus

"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Integrated Camera

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Belarc Advisor" = Belarc Advisor 8.3

"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2

"Celtx (2.9.1)" = Celtx (2.9.1)

"Cisco Connect" = Cisco Connect

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"com.simplediagrams" = SimpleDiagrams

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"DivX Setup" = DivX Setup

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition

"FeedDemon_is1" = FeedDemon

"Google Chrome" = Google Chrome

"HomyFads Wardrobe Manager_is1" = HomyFads Wardrobe Manager 2.3

"HP Photo Creations" = HP Photo Creations

"Inkscape" = Inkscape 0.48.2

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition

"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition

"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"Intel AppUp(SM) center 35228" = Intel AppUp(SM) center

"IrfanView" = IrfanView (remove only)

"Lenovo Welcome_is1" = Lenovo Welcome

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"McAfee Security Scan" = McAfee Security Scan Plus

"McAfee Virtual Technician" = McAfee Virtual Technician

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"MindMaple_is1" = MindMaple Lite 1.23

"Mozilla Thunderbird 17.0.2 (x86 en-US)" = Mozilla Thunderbird 17.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Opera 12.00.1467" = Opera 12.00

"PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0

"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software

"Spyware Terminator_is1" = Spyware Terminator

"WinAce Archiver" = WinAce Archiver

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Amazon Kindle" = Amazon Kindle

"GoToMeeting" = GoToMeeting 5.2.0.952

"Screenpresso" = Screenpresso

"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2/3/2013 4:32:58 AM | Computer Name = laptop | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "C:\Program Files (x86)\Lenovo\Access

Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files

(x86)\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.

Error - 2/3/2013 3:15:24 PM | Computer Name = laptop | Source = PC-Doctor | ID = 1

Description =

Error - 2/3/2013 3:33:16 PM | Computer Name = laptop | Source = PC-Doctor | ID = 1

Description =

Error - 2/3/2013 9:01:37 PM | Computer Name = laptop | Source = Windows Backup | ID = 4103

Description =

Error - 2/4/2013 9:11:50 AM | Computer Name = laptop | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.

Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 2/4/2013 9:15:47 AM | Computer Name = laptop | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "C:\Program Files (x86)\Lenovo\Access

Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files

(x86)\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.

Error - 2/4/2013 5:25:07 PM | Computer Name = laptop | Source = PC-Doctor | ID = 1

Description =

Error - 2/4/2013 5:37:56 PM | Computer Name = laptop | Source = Application Hang | ID = 1002

Description = The program mbam.exe version 1.70.0.9 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 15d4 Start Time:

01ce031f0422978a Termination Time: 5 Application Path: C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbam.exe Report Id: 1cf88c08-6f13-11e2-91ac-c80aa993c612

Error - 2/4/2013 5:40:46 PM | Computer Name = laptop | Source = Application Hang | ID = 1002

Description = The program mbam.exe version 1.70.0.9 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 1b58 Start Time:

01ce032033df1d54 Termination Time: 4 Application Path: C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbam.exe Report Id: 85b880de-6f13-11e2-91ac-c80aa993c612

Error - 2/5/2013 4:19:09 AM | Computer Name = laptop | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.

Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 2/5/2013 4:21:44 AM | Computer Name = laptop | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "C:\Program Files (x86)\Lenovo\Access

Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files

(x86)\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.

[ Lenovo-Message Center Plus/Admin Events ]

Error - 3/22/2011 11:30:18 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp

does not have a Lenovo Digital Signature. The file will be deleted

Error - 3/28/2011 3:56:58 AM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp

does not have a Lenovo Digital Signature. The file will be deleted

Error - 3/29/2011 5:57:59 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 4

Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp

does not have a Lenovo Digital Signature. The file will be deleted

Error - 6/26/2012 1:28:20 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Object reference not set to an instance of an object. -> Exception

message: Object reference not set to an instance of an object.

Error - 10/22/2012 11:34:26 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Object reference not set to an instance of an object. -> Exception

message: Object reference not set to an instance of an object.

Error - 10/29/2012 8:30:48 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Object reference not set to an instance of an object. -> Exception

message: Object reference not set to an instance of an object.

Error - 1/14/2013 7:25:25 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Object reference not set to an instance of an object. -> Exception

message: Object reference not set to an instance of an object.

Error - 1/21/2013 6:58:32 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Object reference not set to an instance of an object. -> Exception

message: Object reference not set to an instance of an object.

[ Media Center Events ]

Error - 11/4/2011 7:12:05 AM | Computer Name = laptop | Source = MCUpdate | ID = 0

Description = 6:11:59 AM - Error connecting to the internet. 6:11:59 AM - Unable

to contact server..

Error - 11/4/2011 7:14:42 PM | Computer Name = laptop | Source = MCUpdate | ID = 0

Description = 6:14:42 PM - Error connecting to the internet. 6:14:42 PM - Unable

to contact server..

Error - 11/4/2011 7:14:53 PM | Computer Name = laptop | Source = MCUpdate | ID = 0

Description = 6:14:47 PM - Error connecting to the internet. 6:14:47 PM - Unable

to contact server..

Error - 11/5/2011 7:33:45 AM | Computer Name = laptop | Source = MCUpdate | ID = 0

Description = 6:33:45 AM - Error connecting to the internet. 6:33:45 AM - Unable

to contact server..

Error - 11/5/2011 7:34:03 AM | Computer Name = laptop | Source = MCUpdate | ID = 0

Description = 6:33:50 AM - Error connecting to the internet. 6:33:50 AM - Unable

to contact server..

Error - 11/6/2011 7:41:28 PM | Computer Name = laptop | Source = MCUpdate | ID = 0

Description = 5:41:28 PM - Error connecting to the internet. 5:41:28 PM - Unable

to contact server..

Error - 11/6/2011 7:42:11 PM | Computer Name = laptop | Source = MCUpdate | ID = 0

Description = 5:41:59 PM - Failed to retrieve NetTV (Error: The remote name could

not be resolved: 'data.tvdownload.microsoft.com')

Error - 11/6/2011 7:42:35 PM | Computer Name = laptop | Source = MCUpdate | ID = 0

Description = 5:42:23 PM - Failed to retrieve MCESpotlight (Error: The remote name

could not be resolved: 'data.tvdownload.microsoft.com')

Error - 11/6/2011 7:43:52 PM | Computer Name = laptop | Source = MCUpdate | ID = 0

Description = 5:42:47 PM - Failed to retrieve MCEClientUX (Error: The remote name

could not be resolved: 'data.tvdownload.microsoft.com')

Error - 11/6/2011 7:44:39 PM | Computer Name = laptop | Source = MCUpdate | ID = 0

Description = 5:44:06 PM - Failed to retrieve SportsSchedule (Error: The underlying

connection was closed: Could not establish trust relationship for the SSL/TLS secure

channel.)

[ System Events ]

Error - 2/6/2013 2:32:28 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023

Description = The HP Network Devices Support service terminated with the following

error: %%126

Error - 2/6/2013 2:33:00 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023

Description = The HP Network Devices Support service terminated with the following

error: %%126

Error - 2/6/2013 2:33:58 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023

Description = The HP Network Devices Support service terminated with the following

error: %%126

Error - 2/6/2013 2:34:20 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023

Description = The HP Network Devices Support service terminated with the following

error: %%126

Error - 2/6/2013 2:37:40 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023

Description = The HP Network Devices Support service terminated with the following

error: %%126

Error - 2/6/2013 2:38:10 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 2/6/2013 2:38:10 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023

Description = The HP Network Devices Support service terminated with the following

error: %%126

Error - 2/6/2013 2:48:10 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023

Description = The HP Network Devices Support service terminated with the following

error: %%126

Error - 2/6/2013 2:48:41 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023

Description = The HP Network Devices Support service terminated with the following

error: %%126

Error - 2/6/2013 2:50:35 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023

Description = The HP Network Devices Support service terminated with the following

error: %%126

< End of report >


Good evening Woe_is_Me_n_myPC,

There are signs of the AVG Security Toolbar in your log. This toolbar comes bundled with Yahoo! and makes changes to your browser settings without your consent. Please see here for more information. I recommend you remove it.

Also, there are signs of the Yahoo! Toolbar in your log. This toolbar comes bundled with other third party applications you may not want installed. Please see here for more information. I recommend you remove it.

I also see the Google Toolbar in your log. This toolbar has been known to exhibit suspicious behaviour. Please see here for more information. I recommend you remove it.

Please go to Start>Control Panel>Programs and uninstall the following program (if present):

  • AVG Security Toolbar
  • Google Toolbar
  • Yahoo! Companion
  • Yahoo! Toolbar

Please restart your computer after these program removals.

=====

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    IE - HKCU\..\SearchScopes\{4A0FE87B-3640-4E2A-A237-645B533666F4}: "URL" = http://search.softon...archSource=4=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

Then, please read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

  • Please go to a clean computer
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • On the infected computer: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever).

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update.

Back to other tab and click Start Object Scan.

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.

=====

In your reply please provide the contents of the following:

  • OTL fix log.
  • Detected portion of the Kaspersky log.

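The OTL fix above is built by hand from scan lines: a search scope whose URL points somewhere unexpected, a proxy setting, and Internet Explorer policy keys (O6/O7) that a standalone home machine has no reason to carry. As an added example, not the helper's instructions and not OTL's own code, the Python script below applies those same rules to OTL-style scan lines and emits the matching `:OTL` fix block. The allow-list of search hosts, the hijack hostname `search.hijack-sample.test` and the sample lines are constructed for this example; the truncated URL in the thread is not reproduced.

```python
"""Triage OTL browser-hijack lines and emit an :OTL fix block.

Added example. It reads the kinds of lines OTL prints for Internet Explorer
settings (search scopes, proxy values, O6/O7 policy keys) and decides which
ones a home machine should not have. Everything below is constructed.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts a search scope may legitimately point at. Edit to taste.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

# Constructed sample, modelled on the OTL scan output format.
SAMPLE_OTL_LINES = """\
IE - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKCU\\..\\SearchScopes\\{4A0FE87B-3640-4E2A-A237-645B533666F4}: "URL" = http://search.hijack-sample.test/?q={searchTerms}&SearchSource=4
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0
IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O7 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
"""

SCOPE_RE = re.compile(r'^IE - (HK\w+)\\\.\.\\SearchScopes\\(\{[0-9A-Fa-f-]+\}): "URL" = (\S+)$')
PROXY_RE = re.compile(r'^IE - (HK\w+)\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "(Proxy\w+)" = (.*)$')
POLICY_RE = re.compile(r'^(O6|O7) - (HK\w+\\Software\\Policies\\Microsoft\\Internet Explorer\\.+?) present$')


def triage_line(line):
    """Return (severity, reason) for one OTL line, or None if it looks benign."""
    m = SCOPE_RE.match(line)
    if m:
        host = urlparse(m.group(3)).hostname or ""
        if host not in KNOWN_SEARCH_HOSTS:
            return ("remove", f"search scope {m.group(2)} in {m.group(1)} points at unknown host {host!r}")
        return None
    m = PROXY_RE.match(line)
    if m:
        name, value = m.group(2), m.group(3).strip()
        if name == "ProxyServer" and value:
            return ("remove", f"proxy server {value!r} configured; browser traffic can be intercepted")
        if name == "ProxyEnable" and value not in ("", "0"):
            return ("remove", "proxy use is enabled")
        if name == "ProxyOverride" and value:
            # A bypass list on a machine with no configured proxy is odd but not
            # necessarily hostile, so it is flagged for review rather than removal.
            return ("review", f"proxy bypass list {value!r} set on a machine with no configured proxy")
        return None
    m = POLICY_RE.match(line)
    if m:
        # Policy keys under HKLM/HKCU\Software\Policies are normally set by Group
        # Policy; on a standalone home PC their presence is itself suspicious.
        return ("remove", f"Internet Explorer policy key present: {m.group(2)}")
    return None


def triage(text):
    """Run triage_line over every line of an OTL scan and collect findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        verdict = triage_line(line)
        if verdict:
            findings.append({"line": line, "severity": verdict[0], "reason": verdict[1]})
    return findings


def build_fix(findings):
    """OTL's fix syntax is the scan line itself pasted under an :OTL header."""
    lines = [f["line"] for f in findings if f["severity"] == "remove"]
    return "\n".join([":OTL", *lines, ":Commands", "[EmptyTemp]"])


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LINES)
    for f in found:
        print(f"[{f['severity']}] {f['reason']}")
    print(build_fix(found))
```

The script only proposes a fix; whether a given scope or policy key is unwanted still needs a human to confirm, which is why the bypass list lands in the review bucket rather than in the generated fix.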

Hello DarkKnight,

Update: I do not have access to a clean machine for burning the Kaspersky disk for another 24 hours or so; my apologies for the delay. Meanwhile…

Q - Is it permissible to run OTL with the associated commands NOW, posting the OTL fix log by itself, then complete the Kaspersky Rescue Disk boot/scan 24-plus hours later, then post its report? Or, is it best to do the OTL, then the Kaspersky tasks consecutively?

I read all materials regarding the Rescue disk boot/scan, but have these questions:

Q1 - To verify, I DO need to load the BIOS menu and configure my computer to boot from a removable device, then change it back after completion, correct? (Not in the post instructions, but mentioned here: How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it? )

The next two items are mentioned here Virus Removal using Kaspersky Rescue Disk, but not in the post instructions:

Q2 - Verify that I should move the Current security level slider to High?

Q3 - After the scan ends, an alarm window with information about malware found appears, and the user is directed to click on the recommended action to clear the system of malware. Please verify if this should be completed as stated?

Thanks for your patience as I juggle my time and resources.

~Karen

Woe_is_Me_n_myPC


Good afternoon Woe_is_Me_n_myPC. :)

Is it permissible to run OTL with the associated commands NOW, posting the OTL fix log by itself, then complete the Kaspersky Rescue Disk boot/scan 24-plus hours later, then post its report? Or, is it best to do the OTL, then the Kaspersky tasks consecutively?

You may run OTL now as I mentioned above, and run Kaspersky later.

Q1 - To verify, I DO need to load the BIOS menu and configure my computer to boot from a removable device, then change it back after completion, correct? (Not in the post instructions, but mentioned here:

Yes, please do so.

Verify that I should move the Current security level slider to High?

You may do so if you wish. You are already infected so this will only (likely) help prevent any further reinfection.

After the scan ends, an alarm window with information about malware found appears, and the user is directed to click on the recommended action to clear the system of malware. Please verify if this should be completed as stated?

Yes please. :)


Hello DarkKnight,

Thanks for the clarifications on the Rescue disk operations. I plan to complete this within the next 24 hours.

In the meantime, here is the OTL Fix Log:

All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A0FE87B-3640-4E2A-A237-645B533666F4}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A0FE87B-3640-4E2A-A237-645B533666F4}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christian

->Temp folder emptied: 12377021 bytes

->Temporary Internet Files folder emptied: 18077898 bytes

->Java cache emptied: 62623682 bytes

->Google Chrome cache emptied: 6968625 bytes

->Opera cache emptied: 53164674 bytes

->Flash cache emptied: 60361 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56504 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 5 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 86184 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 146.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02082013_084731

Files\Folders moved on Reboot...

C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Howdy DarkKnight,

Apologies for the five-day absence...a clean computer for creating the Kaspersky Rescue Disk was a two-hour road trip away, AND I didn't realize the KRD scan would take so long (36 hours!!). KRD scan result is NO THREATS DETECTED, an outcome that surprised me. KRD scan details below, as an FYI.....

After a number of issues, I actually completed TWO scans...the first with an outdated database (2/3/2013) because I couldn't get it to update successfully; and the second scan completed a couple of hours ago with an up-to-date database (2/11/13). Security level was set to 'high' and both signature and heuristic analysis were selected for each of the two scans. I'm not sure why, but each scan required 36 HOURS to complete! Is this normal?? (The second time around, I attempted to pare down the scan time by excluding Microsoft Live Mail files, since the first scan had plodded through these for nearly 24 hours, 'stuck' at 86% complete, but finally finishing. I apparently did not set up the exclusions correctly, because the second scan did exactly the same thing.) I am impressed with KRD, and although the user experience really tested my patience, I did not want to leave a stone unturned.

Two issues:

  1. Regarding Windows Update for February: I have automatic updates enabled, and usually I would get these sometime in the next 12 hours or so...shall I leave automatic update ON, or temporarily disable it to avoid any conflicts with the work we are doing?
  2. I'm sure you will have me updating Java soon, but just wanted to remind you it is out-of-date.

Okay... what's next? :)

~Karen

Woe_is_Me_n_myPC


Howdy Woe_is_Me_n_myPC,

Updates we can do later. For the interim don't do Windows Updates.

For 32-bit (x86) systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

For 64-bit (x64) systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer, find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.

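The FRST.txt that the steps above produce lists every Run/RunOnce value, service and driver with its path, size, date, publisher, and a trailing `[x]` when the file is not on disk. Reading that by eye is where the analyst's time goes. As an added example, not Farbar's code and not part of the thread, the Python script below parses lines in that format and flags the three things a triager checks first: the target file is missing, the path is not absolute (a truncated or corrupted value), or the binary runs from a Temp directory. The sample input is constructed: most lines are modelled on the FRST format as it appears later in this thread, and the `Updater` entry is invented to exercise the Temp rule.

```python
"""Flag suspicious autostart entries in an FRST.txt log.

Added example, not Farbar Recovery Scan Tool's own code. The sample log is
constructed (modelled on the FRST line format, with one invented entry).
"""
import re

# Constructed sample in FRST's "Registry (Whitelisted)" / "Services" / "Drivers" format.
SAMPLE_FRST = """\
==================== Registry (Whitelisted) ===================
HKLM\\...\\Run: [AcWin7Hlpr] ABLER.EXE [x]
HKLM\\...\\Run: [igfxTray] DOWS\\SYSTEM32\\IGFXTRAY.EXE [x]
HKLM-x32\\...\\Run: [Adobe ARM] "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\\...\\Run: [Message Center Plus] C:\\Program Files (x86)\\LENOVO\\Message Center Plus\\MCPLaunch.exe /start [49976 2009-05-27] ()
HKU\\Christian\\...\\Run: [Updater] "C:\\Users\\Christian\\AppData\\Local\\Temp\\upd.exe" [65536 2013-01-29] ()
==================== Services (Whitelisted) ===================
2 MsMpSvc; "C:\\Program Files\\Microsoft Security Client\\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 HPSLPSVC; C:\\Users\\CHRIST~1\\AppData\\Local\\Temp\\7zS7737\\hpslpsvc64.dll [x]
==================== Drivers (Whitelisted) =====================
3 catchme; \\??\\C:\\ComboFix\\catchme.sys [x]
0 MpFilter; C:\\Windows\\System32\\Drivers\\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
"""

# "HKLM\...\Run: [name] command [meta] (company)" and "HKU\<user>\...\RunOnce: ..."
RUN_RE = re.compile(r'^(?P<hive>HK.*?)\\Run(?P<once>Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
# "<start type> <name>; command [meta] (company)" for services and drivers
SVC_RE = re.compile(r'^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$')
# Trailing "[x]" (file missing) or "[size yyyy-mm-dd]" plus optional "(company)"
META_RE = re.compile(r'(?:^|\s)\[(?P<meta>x|\d+ \d{4}-\d{2}-\d{2})\]\s*(?:\((?P<company>[^)]*)\))?\s*$')
ABS_RE = re.compile(r'^(\\\?\?\\)?[A-Za-z]:\\|^%')   # C:\..., \??\C:\..., %Var%\...
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)


def parse_entry(line):
    """Return dict(kind, name, path, missing, company), or None for non-autostart lines."""
    m = RUN_RE.match(line)
    if m:
        kind = "RunOnce" if m.group("once") else "Run"
        name, rest = m.group("name"), m.group("rest")
    else:
        m = SVC_RE.match(line)
        if not m:
            return None
        kind, name, rest = "Service/Driver", m.group("name"), m.group("rest")
    meta = META_RE.search(rest)
    command = rest[:meta.start()].strip() if meta else rest.strip()
    if command.startswith('"'):
        close = command.find('"', 1)
        path = command[1:close] if close > 0 else command[1:]
    else:
        # Heuristic: an unquoted command ends at the first " /" or " -" argument.
        path = re.split(r' [/-]', command, maxsplit=1)[0]
    return {"kind": kind, "name": name, "path": path,
            "missing": bool(meta and meta.group("meta") == "x"),
            "company": meta.group("company") if meta else None}


def flag_entry(entry):
    """Return the list of triage flags for one parsed entry (empty if it looks clean)."""
    flags = []
    if not entry["path"]:
        flags.append("empty command")
    elif not ABS_RE.match(entry["path"]):
        flags.append("path is not absolute (truncated or corrupted value)")
    if entry["missing"]:
        flags.append("target file missing on disk")
    if TEMP_RE.search(entry["path"]):
        flags.append("runs from a Temp directory")
    return flags


def triage(text):
    """Parse an FRST log and return only the entries that raised at least one flag."""
    out = []
    for raw in text.splitlines():
        entry = parse_entry(raw.strip())
        if entry:
            flags = flag_entry(entry)
            if flags:
                out.append({**entry, "flags": flags})
    return out


if __name__ == "__main__":
    for e in triage(SAMPLE_FRST):
        print(f"{e['kind']:<15} {e['name']:<20} {e['path']}")
        for f in e["flags"]:
            print(f"    - {f}")
```

A service whose DLL sits under a user's `AppData\Local\Temp` and is marked `[x]` is the kind of entry worth asking the helper about explicitly; a clean publisher string in the `(company)` field is not by itself evidence of anything, since FRST reports version-resource text rather than an Authenticode signature check.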

Unfortunately, I did not catch the Windows Updates before they were pushed, DarkKnight, and the machine was updated... :-[

Farbar Tool scan results are below.

Here and available for your next instruction...thank you!

~Karen

Woe_is_Me_n_myPC

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2013

Ran by SYSTEM at 14-02-2013 16:10:18

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AcWin7Hlpr] ABLER.EXE [x]

HKLM\...\Run: [cssauth] T [x]

HKLM\...\Run: [synTPEnh] H.EXE [x]

HKLM\...\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x]

HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x]

HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x]

HKLM\...\Run: [LogiScrollApp] C:\Program Files\Logitech\ScrollApp\KhalScroll.exe [148760 2011-11-02] (Logitech, Inc.)

HKLM\...\Run: [EvtMgr6] G [x]

HKLM\...\Run: [MSC] KEY [x]

HKLM-x32\...\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start [49976 2009-05-27] ()

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [Online Backup Auto Update] "C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exe" [233472 2011-07-16] ()

HKLM-x32\...\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Cox\Secure Online Backup for Windows\vewatch.exe [28672 2011-03-23] (DigiData Corp.)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKU\Christian\...\Run: [skyDrive] "C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [255992 2012-11-16] (Microsoft Corporation)

HKU\Christian\...\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BI29JVB05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 [2676584 2011-09-16] (Hewlett-Packard Co.)

HKU\Default\...\RunOnce: [wlstart] %ProgramFiles(x86)%\Windows Live\Installer\wlstart.exe /nosearch /nohomepage [x]

HKU\Default\...\RunOnce: [] [x]

HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()

HKU\Default User\...\RunOnce: [wlstart] %ProgramFiles(x86)%\Windows Live\Installer\wlstart.exe /nosearch /nohomepage [x]

HKU\Default User\...\RunOnce: [] [x]

HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\Christian\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Christian\Start Menu\Programs\Startup\Secure Online Backup.lnk

ShortcutTarget: Secure Online Backup.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2011-04-16] (Adobe Systems)

2 FilesystemWatcher; "C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe" [24576 2011-07-16] (DigiData Corp.)

2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)

2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [103472 2012-12-04] (McAfee, Inc.)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

2 NitroReaderDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe" [229392 2012-09-12] (Nitro PDF Software)

2 OnlineBackupSchedulerService; "C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exe" [24576 2011-07-16] ()

4 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [77312 2008-10-21] ()

2 sp_rssrv; "C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe" [948775 2011-05-20] (Crawler.com)

3 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [22376 2013-02-04] ()

2 ThinkVantage Registry Monitor Service; "C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [1019904 2009-08-28] (Lenovo Group Limited)

3 TVT Backup Service; "C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe" [1475896 2010-07-06] (Lenovo Group Limited)

2 HPSLPSVC; C:\Users\CHRIST~1\AppData\Local\Temp\7zS7737\hpslpsvc64.dll [x]

==================== Drivers (Whitelisted) =====================

3 azvusb; C:\Windows\System32\Drivers\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)

3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] ()

3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()

3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [946176 2010-03-10] (DiBcom)

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)

2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)

3 PCTV340_801; C:\Windows\System32\Drivers\dvb7700all.sys [946176 2010-03-10] (DiBcom)

2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [50696 2010-07-07] (Windows ® Win 7 DDK provider)

1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-01-05] ()

3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206080 2009-10-26] (SMI)

3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]

3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]

3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]

3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]

3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]

3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]

3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-02-14 16:09 - 2013-02-14 16:09 - 00000000 ____D C:\FRST

2013-02-14 10:08 - 2013-02-14 11:25 - 00000000 ____D C:\Users\Christian\Documents\PNY_TPG_06282009

2013-02-14 01:02 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-02-14 01:02 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-02-14 01:02 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-02-14 01:02 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-02-14 01:02 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-02-14 01:02 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-02-14 01:02 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-02-14 01:02 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-02-14 01:02 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-02-14 01:02 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-02-14 01:02 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-02-14 01:02 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-02-14 01:02 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-02-14 01:02 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-02-14 01:02 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-02-14 01:02 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-02-14 01:02 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-02-14 01:02 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-02-14 01:02 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-02-14 01:02 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-02-14 01:02 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-02-14 01:02 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-02-14 01:02 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-02-14 01:02 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-02-14 01:02 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-02-14 01:02 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-02-14 01:02 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-02-14 01:02 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-02-14 01:02 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-02-14 01:02 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-02-14 01:01 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-02-14 01:01 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-02-13 17:06 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-02-13 17:06 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-02-13 17:06 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-02-13 17:06 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-02-13 17:06 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-02-13 17:06 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-02-13 17:06 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-02-13 17:06 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-02-13 17:06 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-02-13 17:06 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-02-13 17:06 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-02-13 17:06 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2013-02-13 16:59 - 2013-02-13 16:59 - 00000000 ____D C:\Program Files\McAfee

2013-02-13 10:36 - 2013-02-13 10:36 - 01961065 ____A C:\KasperskyRescueDisk1012.txt

2013-02-13 10:33 - 2013-02-13 10:33 - 01961065 ____A C:\KasperskyRescueDisk1011.txt

2013-02-11 15:47 - 2013-02-11 15:51 - 276502528 ____A C:\Users\Christian\Downloads\kav_rescue_10 (1).iso

2013-02-11 01:05 - 2013-02-11 01:05 - 00000307 ____A C:\KasperskyRescueDisk10.txt

2013-02-09 11:05 - 2013-02-09 11:06 - 00323072 ____A C:\Users\Christian\Downloads\Slideshop free slide - Shipping-Distribution.ppt

2013-02-08 06:47 - 2013-02-08 06:47 - 00000000 ____D C:\_OTL

2013-02-06 19:24 - 2013-02-06 19:24 - 00387584 ____A C:\Users\Christian\Downloads\rescue2usb.exe

2013-02-06 19:11 - 2013-02-06 19:15 - 301768704 ____A C:\Users\Christian\Downloads\kav_rescue_10.iso

2013-02-05 23:11 - 2013-02-05 23:11 - 00092006 ____A C:\Users\Christian\Desktop\Extras.Txt

2013-02-05 23:09 - 2013-02-05 23:09 - 00157936 ____A C:\Users\Christian\Desktop\OTL.Txt

2013-02-05 22:35 - 2013-02-05 22:35 - 00602112 ____A (OldTimer Tools) C:\Users\Christian\Desktop\OTL.exe

2013-02-05 18:19 - 2013-02-05 18:19 - 00029821 ____A C:\Users\Christian\Downloads\ComboFix.txt

2013-02-05 13:18 - 2013-02-05 13:18 - 00266288 ____A C:\Windows\Minidump\020513-26878-01.dmp

2013-02-05 13:03 - 2013-02-05 13:03 - 00266288 ____A C:\Windows\Minidump\020513-18314-01.dmp

2013-02-05 09:51 - 2013-02-05 09:51 - 00000000 ____D C:\Users\Christian\Desktop\mbar-1.01.0.1017

2013-02-05 09:28 - 2013-02-05 09:28 - 00029821 ____A C:\ComboFix.txt

2013-02-05 08:57 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2013-02-05 08:57 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2013-02-05 08:57 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-02-05 08:57 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-02-05 08:57 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-02-05 08:57 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2013-02-05 08:57 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2013-02-05 08:57 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2013-02-05 08:31 - 2013-02-05 09:28 - 00000000 ____D C:\Qoobox

2013-02-05 08:31 - 2013-02-05 09:25 - 00000000 ____D C:\Windows\erdnt

2013-02-05 08:20 - 2013-02-05 08:20 - 05029686 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe

2013-02-05 07:29 - 2013-02-05 07:29 - 13562257 ____A C:\Users\Christian\Desktop\mbar-1.01.0.1017.zip

2013-02-05 07:06 - 2013-02-05 22:39 - 00000000 ____D C:\Users\Christian\Desktop\GETWELLSOON

2013-02-04 17:59 - 2013-02-04 20:13 - 00004362 ____A C:\Users\Christian\Desktop\MWB Forum Summary1.txt

2013-02-04 16:06 - 2013-02-04 16:06 - 00034476 ____A C:\Users\Christian\Desktop\attach.txt

2013-02-04 16:06 - 2013-02-04 16:05 - 00033245 ____A C:\Users\Christian\Desktop\dds.txt

2013-02-04 16:04 - 2013-02-04 16:04 - 00000000 ____D C:\Users\Christian\Desktop\first

2013-02-04 15:29 - 2013-02-04 15:30 - 00688992 ____R (Swearware) C:\Users\Christian\Desktop\dds.com

2013-02-04 13:15 - 2013-02-04 15:21 - 00000000 ____D C:\Users\Christian\Desktop\temp1515

2013-02-04 07:45 - 2013-02-04 07:45 - 00487100 ____A C:\Users\Christian\Documents\bookmarks_2_4_13.html

2013-02-04 07:37 - 2013-02-04 07:37 - 00065249 ____A C:\Users\Christian\Documents\bookmark.htm

2013-02-02 19:51 - 2013-02-02 19:51 - 00070093 ____A C:\Users\Christian\Downloads\Agile Learning.zip

2013-02-02 16:46 - 2013-02-02 19:29 - 00000000 ____D C:\Users\Christian\Desktop\Desktop Organization

2013-02-02 16:10 - 2013-02-02 16:34 - 00000000 ____D C:\Users\Christian\Documents\__Shortcuts to Sort

2013-02-01 08:51 - 2013-02-01 08:51 - 00000000 ____D C:\Program Files (x86)\Belarc

2013-02-01 08:29 - 2013-02-01 08:29 - 10749984 ____A (McAfee Inc.) C:\Users\Christian\Desktop\Stinger.exe

2013-01-31 18:10 - 2013-01-31 18:15 - 00000000 ____D C:\Users\Christian\Desktop\RK_Quarantine

2013-01-31 16:49 - 2013-01-31 16:50 - 00347424 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\MicrosoftFixit.WinSecurity.RNP.108283107025588528.2.1.Run.exe

2013-01-31 14:54 - 2013-01-31 14:54 - 00025565 ____A C:\Users\Christian\Downloads\Readiness-template1.xlsx

2013-01-31 14:03 - 2013-01-31 14:03 - 00002699 ____A C:\Users\Christian\Downloads\callHistory.csv

2013-01-31 09:08 - 2013-01-31 09:08 - 00001205 ____A C:\Users\Christian\Downloads\FixNCR.reg

2013-01-30 19:07 - 2013-01-30 19:07 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes

2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Users\All Users\Malwarebytes

2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-30 19:07 - 2012-12-14 14:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-01-30 17:42 - 2013-01-30 18:03 - 00000000 ____D C:\Users\Christian\Documents\___________suspect

2013-01-30 16:38 - 2013-01-30 16:40 - 72218696 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\mpam-fe.exe

2013-01-30 16:15 - 2013-01-30 16:16 - 00768512 ____A C:\Users\Christian\Desktop\RogueKiller.exe

2013-01-30 16:14 - 2013-01-30 16:14 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Christian\Desktop\mbam-setup-1.70.0.1100.exe

2013-01-27 21:39 - 2013-01-27 21:40 - 00599552 ____A C:\Users\Christian\Downloads\Virtuoso_Honeymoon_.ppt

2013-01-27 10:03 - 2013-01-27 10:03 - 00015675 ____A C:\Users\Christian\Downloads\miscellaneous_timmy-woods_.kml

2013-01-24 08:20 - 2013-01-24 08:20 - 00093584 ____A C:\Users\Christian\Downloads\tracy.lloyd.final.project.swf

2013-01-24 08:12 - 2013-01-24 08:12 - 01757514 ____A C:\Users\Christian\Downloads\eNyota_Portfolio.swf

2013-01-24 07:48 - 2013-01-24 07:48 - 07435623 ____A C:\Users\Christian\Downloads\LSAMS_Intro_Training_Module_i_Sample.swf

2013-01-24 07:48 - 2013-01-24 07:48 - 05140480 ____A C:\Users\Christian\Downloads\Webinar_Sample_Excerpt.ppt

2013-01-24 07:47 - 2013-01-24 07:47 - 03137304 ____A C:\Users\Christian\Downloads\Follow_Me_Tutorial_921x533.swf

2013-01-24 07:45 - 2013-01-24 07:46 - 13783040 ____A C:\Users\Christian\Downloads\SAMPLE_PPT_STATE_FARM_2.ppt

2013-01-24 05:47 - 2013-01-24 05:47 - 06671360 ____A C:\Users\Christian\Downloads\demoeffectivemeetings-100928163220-phpapp02.ppt

2013-01-24 05:46 - 2013-01-24 05:46 - 03828294 ____A C:\Users\Christian\Downloads\Untitledpresentation.pptx

2013-01-23 19:04 - 2013-01-23 19:04 - 00262144 ____A C:\Windows\Minidump\012313-24601-01.dmp

2013-01-23 14:06 - 2013-01-23 14:06 - 00669184 ____A C:\Users\Christian\Downloads\Slideshop free slide - Maslow-Hierarchy-of-Needs-Blue-Corporate.ppt

2013-01-22 06:01 - 2013-01-22 06:01 - 00262144 ____A C:\Windows\Minidump\012213-20545-01.dmp

2013-01-21 20:15 - 2013-01-21 20:15 - 00000811 ____A C:\Users\Christian\Downloads\event (1).ics

2013-01-19 19:58 - 2013-01-19 19:58 - 00239616 ____A C:\Users\Christian\Downloads\Slideshop free slide - Chinese-Culture.ppt

2013-01-19 12:36 - 2013-01-19 12:36 - 05442160 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\Windows8-UpgradeAssistant.exe

2013-01-17 10:02 - 2013-01-17 10:02 - 00009132 ____A C:\Users\Christian\Downloads\meeting (1).jnlp

2013-01-16 18:40 - 2013-01-16 18:41 - 04048201 ____A C:\Users\Christian\Downloads\LifeExpectancy.pptx

2013-01-16 18:06 - 2013-01-16 18:23 - 00000000 ____D C:\Users\Christian\Documents\My Cmaps

2013-01-16 18:06 - 2013-01-16 18:23 - 00000000 ____D C:\Users\Christian\AppData\Roaming\CmapTools

2013-01-16 18:06 - 2013-01-16 18:06 - 00001970 ____A C:\Users\Christian\.powerupdate.user.properties

2013-01-16 18:04 - 2013-01-16 18:04 - 00000000 ___HD C:\Program Files\Zero G Registry

2013-01-16 18:04 - 2013-01-16 18:04 - 00000000 ____D C:\Program Files\IHMC CmapTools

2013-01-16 17:58 - 2013-01-16 17:58 - 00000000 ___HD C:\Users\Christian\InstallAnywhere

2013-01-16 17:56 - 2013-01-16 17:57 - 75998533 ____A (Flexera Software) C:\Users\Christian\Downloads\Winx64CmapTools_v5.05.01_11-01-12.exe

2013-01-16 10:02 - 2013-01-16 10:55 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Blackboard

2013-01-16 10:00 - 2013-01-16 10:01 - 00009076 ____A C:\Users\Christian\Downloads\meeting.jnlp

2013-01-15 11:19 - 2013-01-15 11:19 - 00001477 ____A C:\Users\Christian\Downloads\webinar.ics

2013-01-15 10:36 - 2013-01-15 10:36 - 00000407 ____A C:\Users\Christian\Downloads\event.ics

==================== One Month Modified Files and Folders =======

2013-02-14 16:09 - 2013-02-14 16:09 - 00000000 ____D C:\FRST

2013-02-14 14:01 - 2010-05-27 21:10 - 01134916 ____A C:\Windows\WindowsUpdate.log

2013-02-14 14:00 - 2012-10-28 05:52 - 00000000 ___RD C:\Users\Christian\SkyDrive

2013-02-14 13:58 - 2011-01-15 04:45 - 00000382 ____A C:\Windows\Tasks\SystemToolsDailyTest.job

2013-02-14 13:42 - 2011-11-07 16:35 - 00000000 ____D C:\Users\Christian\Documents\Outlook Files

2013-02-14 13:34 - 2011-08-19 13:50 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-02-14 13:15 - 2012-11-07 12:26 - 00000354 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job

2013-02-14 13:05 - 2012-04-04 16:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-02-14 11:25 - 2013-02-14 10:08 - 00000000 ____D C:\Users\Christian\Documents\PNY_TPG_06282009

2013-02-14 06:13 - 2009-07-13 21:13 - 00792128 ____A C:\Windows\System32\PerfStringBackup.INI

2013-02-14 05:53 - 2011-08-19 13:50 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-02-14 01:50 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-02-14 01:50 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-02-14 01:42 - 2012-04-18 06:42 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-02-14 01:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-02-14 01:42 - 2009-07-13 20:51 - 00042817 ____A C:\Windows\setupact.log

2013-02-14 01:42 - 2009-07-13 20:45 - 05038280 ____A C:\Windows\System32\FNTCACHE.DAT

2013-02-14 01:40 - 2011-01-13 23:17 - 00316594 ____A C:\Windows\PFRO.log

2013-02-14 01:23 - 2010-05-27 21:59 - 00000000 ____D C:\Users\All Users\Microsoft Help

2013-02-14 01:13 - 2011-01-15 12:15 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-02-13 16:59 - 2013-02-13 16:59 - 00000000 ____D C:\Program Files\McAfee

2013-02-13 10:36 - 2013-02-13 10:36 - 01961065 ____A C:\KasperskyRescueDisk1012.txt

2013-02-13 10:33 - 2013-02-13 10:33 - 01961065 ____A C:\KasperskyRescueDisk1011.txt

2013-02-11 15:51 - 2013-02-11 15:47 - 276502528 ____A C:\Users\Christian\Downloads\kav_rescue_10 (1).iso

2013-02-11 07:46 - 2010-05-27 21:18 - 00000000 ____D C:\Program Files (x86)\Lenovo

2013-02-11 01:05 - 2013-02-11 01:05 - 00000307 ____A C:\KasperskyRescueDisk10.txt

2013-02-09 18:08 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2013-02-09 12:52 - 2012-02-14 16:47 - 00000000 ____D C:\Users\Christian\Documents\IAC-FAI-CIVA

2013-02-09 11:06 - 2013-02-09 11:05 - 00323072 ____A C:\Users\Christian\Downloads\Slideshop free slide - Shipping-Distribution.ppt

2013-02-08 22:05 - 2012-04-04 16:33 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-02-08 22:05 - 2011-05-21 06:45 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-02-08 06:47 - 2013-02-08 06:47 - 00000000 ____D C:\_OTL

2013-02-08 05:44 - 2011-08-19 13:50 - 00000000 ____D C:\Program Files\Google

2013-02-08 05:44 - 2011-08-19 13:50 - 00000000 ____D C:\Program Files (x86)\Google

2013-02-08 05:33 - 2011-08-19 13:50 - 00000000 ____D C:\Users\All Users\Google

2013-02-07 17:34 - 2010-05-27 21:44 - 00000000 ____D C:\Users\All Users\PCDr

2013-02-06 21:29 - 2011-05-03 08:43 - 00000000 ____D C:\Users\Christian\AppData\Local\Microsoft Games

2013-02-06 19:24 - 2013-02-06 19:24 - 00387584 ____A C:\Users\Christian\Downloads\rescue2usb.exe

2013-02-06 19:15 - 2013-02-06 19:11 - 301768704 ____A C:\Users\Christian\Downloads\kav_rescue_10.iso

2013-02-05 23:11 - 2013-02-05 23:11 - 00092006 ____A C:\Users\Christian\Desktop\Extras.Txt

2013-02-05 23:09 - 2013-02-05 23:09 - 00157936 ____A C:\Users\Christian\Desktop\OTL.Txt

2013-02-05 22:39 - 2013-02-05 07:06 - 00000000 ____D C:\Users\Christian\Desktop\GETWELLSOON

2013-02-05 22:35 - 2013-02-05 22:35 - 00602112 ____A (OldTimer Tools) C:\Users\Christian\Desktop\OTL.exe

2013-02-05 22:24 - 2011-03-01 04:52 - 00000000 ____D C:\Users\All Users\McAfee

2013-02-05 18:19 - 2013-02-05 18:19 - 00029821 ____A C:\Users\Christian\Downloads\ComboFix.txt

2013-02-05 13:18 - 2013-02-05 13:18 - 00266288 ____A C:\Windows\Minidump\020513-26878-01.dmp

2013-02-05 13:18 - 2011-02-19 22:46 - 00000000 ____D C:\Windows\Minidump

2013-02-05 13:18 - 2011-02-19 22:45 - 537549394 ____A C:\Windows\MEMORY.DMP

2013-02-05 13:03 - 2013-02-05 13:03 - 00266288 ____A C:\Windows\Minidump\020513-18314-01.dmp

2013-02-05 09:51 - 2013-02-05 09:51 - 00000000 ____D C:\Users\Christian\Desktop\mbar-1.01.0.1017

2013-02-05 09:28 - 2013-02-05 09:28 - 00029821 ____A C:\ComboFix.txt

2013-02-05 09:28 - 2013-02-05 08:31 - 00000000 ____D C:\Qoobox

2013-02-05 09:28 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default

2013-02-05 09:25 - 2013-02-05 08:31 - 00000000 ____D C:\Windows\erdnt

2013-02-05 09:17 - 2009-07-13 18:34 - 92798976 ____A C:\Windows\System32\config\software.bak

2013-02-05 09:17 - 2009-07-13 18:34 - 27787264 ____A C:\Windows\System32\config\system.bak

2013-02-05 09:17 - 2009-07-13 18:34 - 01048576 ____A C:\Windows\System32\config\default.bak

2013-02-05 09:17 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak

2013-02-05 09:17 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak

2013-02-05 09:15 - 2011-01-13 21:20 - 00000000 ____D C:\users\Christian

2013-02-05 08:20 - 2013-02-05 08:20 - 05029686 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe

2013-02-05 07:29 - 2013-02-05 07:29 - 13562257 ____A C:\Users\Christian\Desktop\mbar-1.01.0.1017.zip

2013-02-04 22:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

2013-02-04 20:13 - 2013-02-04 17:59 - 00004362 ____A C:\Users\Christian\Desktop\MWB Forum Summary1.txt

2013-02-04 16:06 - 2013-02-04 16:06 - 00034476 ____A C:\Users\Christian\Desktop\attach.txt

2013-02-04 16:05 - 2013-02-04 16:06 - 00033245 ____A C:\Users\Christian\Desktop\dds.txt

2013-02-04 16:04 - 2013-02-04 16:04 - 00000000 ____D C:\Users\Christian\Desktop\first

2013-02-04 15:30 - 2013-02-04 15:29 - 00688992 ____R (Swearware) C:\Users\Christian\Desktop\dds.com

2013-02-04 15:21 - 2013-02-04 13:15 - 00000000 ____D C:\Users\Christian\Desktop\temp1515

2013-02-04 15:12 - 2012-11-08 14:24 - 00000000 ____D C:\Users\Christian\Desktop\Photos - Current

2013-02-04 07:45 - 2013-02-04 07:45 - 00487100 ____A C:\Users\Christian\Documents\bookmarks_2_4_13.html

2013-02-04 07:37 - 2013-02-04 07:37 - 00065249 ____A C:\Users\Christian\Documents\bookmark.htm

2013-02-02 19:51 - 2013-02-02 19:51 - 00070093 ____A C:\Users\Christian\Downloads\Agile Learning.zip

2013-02-02 19:38 - 2012-09-27 13:39 - 00000000 ____D C:\Users\Christian\Desktop\SHORTCUTS

2013-02-02 19:29 - 2013-02-02 16:46 - 00000000 ____D C:\Users\Christian\Desktop\Desktop Organization

2013-02-02 17:11 - 2012-01-12 13:12 - 00000000 ____D C:\Users\Christian\Documents\User Guides_Equipment

2013-02-02 17:02 - 2012-04-13 07:34 - 00000000 ____D C:\Users\Christian\Desktop\___My LISTS

2013-02-02 17:01 - 2012-06-19 13:45 - 00000000 ____D C:\Users\Christian\Desktop\BIZ

2013-02-02 16:50 - 2012-01-03 09:47 - 00000000 ____D C:\Users\Christian\Documents\___JOB_HUNT & RESUME

2013-02-02 16:49 - 2012-01-03 10:11 - 00000000 ____D C:\Users\Christian\Documents\Public Assistance

2013-02-02 16:40 - 2012-08-22 14:30 - 00000000 ____D C:\Users\Christian\Documents\People

2013-02-02 16:37 - 2012-12-13 16:13 - 00000000 ____D C:\Users\Christian\Documents\________________________SELL DEC2012

2013-02-02 16:34 - 2013-02-02 16:10 - 00000000 ____D C:\Users\Christian\Documents\__Shortcuts to Sort

2013-02-02 13:48 - 2012-01-29 10:17 - 00000000 ____D C:\Users\Christian\Documents\__Desktop dropbox

2013-02-02 13:41 - 2012-07-05 06:55 - 00000000 ____D C:\Users\Christian\Documents\___Desktop Drop - 7-5-2012

2013-02-02 13:36 - 2012-03-24 03:21 - 00000000 ____D C:\Users\Christian\Documents\__Desktop Drop III

2013-02-02 13:06 - 2010-05-27 21:38 - 00000000 ____D C:\Users\All Users\Adobe

2013-02-01 08:51 - 2013-02-01 08:51 - 00000000 ____D C:\Program Files (x86)\Belarc

2013-02-01 08:29 - 2013-02-01 08:29 - 10749984 ____A (McAfee Inc.) C:\Users\Christian\Desktop\Stinger.exe

2013-01-31 18:15 - 2013-01-31 18:10 - 00000000 ____D C:\Users\Christian\Desktop\RK_Quarantine

2013-01-31 16:50 - 2013-01-31 16:49 - 00347424 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\MicrosoftFixit.WinSecurity.RNP.108283107025588528.2.1.Run.exe

2013-01-31 14:54 - 2013-01-31 14:54 - 00025565 ____A C:\Users\Christian\Downloads\Readiness-template1.xlsx

2013-01-31 14:03 - 2013-01-31 14:03 - 00002699 ____A C:\Users\Christian\Downloads\callHistory.csv

2013-01-31 12:46 - 2011-11-15 10:57 - 00132065 ____A C:\Users\Christian\Desktop\Karen_-_new_life.xlsx

2013-01-31 09:08 - 2013-01-31 09:08 - 00001205 ____A C:\Users\Christian\Downloads\FixNCR.reg

2013-01-30 19:07 - 2013-01-30 19:07 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes

2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Users\All Users\Malwarebytes

2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-30 18:03 - 2013-01-30 17:42 - 00000000 ____D C:\Users\Christian\Documents\___________suspect

2013-01-30 16:40 - 2013-01-30 16:38 - 72218696 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\mpam-fe.exe

2013-01-30 16:16 - 2013-01-30 16:15 - 00768512 ____A C:\Users\Christian\Desktop\RogueKiller.exe

2013-01-30 16:14 - 2013-01-30 16:14 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Christian\Desktop\mbam-setup-1.70.0.1100.exe

2013-01-30 02:53 - 2011-01-14 20:10 - 00273840 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-01-29 20:16 - 2011-01-14 19:34 - 00007623 ____A C:\Users\Christian\AppData\Local\resmon.resmoncfg

2013-01-27 21:40 - 2013-01-27 21:39 - 00599552 ____A C:\Users\Christian\Downloads\Virtuoso_Honeymoon_.ppt

2013-01-27 10:03 - 2013-01-27 10:03 - 00015675 ____A C:\Users\Christian\Downloads\miscellaneous_timmy-woods_.kml

2013-01-24 08:20 - 2013-01-24 08:20 - 00093584 ____A C:\Users\Christian\Downloads\tracy.lloyd.final.project.swf

2013-01-24 08:12 - 2013-01-24 08:12 - 01757514 ____A C:\Users\Christian\Downloads\eNyota_Portfolio.swf

2013-01-24 07:48 - 2013-01-24 07:48 - 07435623 ____A C:\Users\Christian\Downloads\LSAMS_Intro_Training_Module_i_Sample.swf

2013-01-24 07:48 - 2013-01-24 07:48 - 05140480 ____A C:\Users\Christian\Downloads\Webinar_Sample_Excerpt.ppt

2013-01-24 07:47 - 2013-01-24 07:47 - 03137304 ____A C:\Users\Christian\Downloads\Follow_Me_Tutorial_921x533.swf

2013-01-24 07:46 - 2013-01-24 07:45 - 13783040 ____A C:\Users\Christian\Downloads\SAMPLE_PPT_STATE_FARM_2.ppt

2013-01-24 05:47 - 2013-01-24 05:47 - 06671360 ____A C:\Users\Christian\Downloads\demoeffectivemeetings-100928163220-phpapp02.ppt

2013-01-24 05:46 - 2013-01-24 05:46 - 03828294 ____A C:\Users\Christian\Downloads\Untitledpresentation.pptx

2013-01-23 19:04 - 2013-01-23 19:04 - 00262144 ____A C:\Windows\Minidump\012313-24601-01.dmp

2013-01-23 14:06 - 2013-01-23 14:06 - 00669184 ____A C:\Users\Christian\Downloads\Slideshop free slide - Maslow-Hierarchy-of-Needs-Blue-Corporate.ppt

2013-01-23 08:47 - 2012-12-14 07:19 - 00000000 ____D C:\Users\Christian\AppData\Local\TodoistCache

2013-01-22 06:01 - 2013-01-22 06:01 - 00262144 ____A C:\Windows\Minidump\012213-20545-01.dmp

2013-01-21 20:15 - 2013-01-21 20:15 - 00000811 ____A C:\Users\Christian\Downloads\event (1).ics

2013-01-19 19:58 - 2013-01-19 19:58 - 00239616 ____A C:\Users\Christian\Downloads\Slideshop free slide - Chinese-Culture.ppt

2013-01-19 18:41 - 2011-11-29 12:29 - 00000000 ____D C:\Users\Christian\Documents\OneNote Notebooks

2013-01-19 13:12 - 2012-12-27 14:22 - 00000000 ____D C:\Users\Christian\Documents\__________________________2013BIZ

2013-01-19 12:36 - 2013-01-19 12:36 - 05442160 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\Windows8-UpgradeAssistant.exe

2013-01-17 10:02 - 2013-01-17 10:02 - 00009132 ____A C:\Users\Christian\Downloads\meeting (1).jnlp

2013-01-16 18:41 - 2013-01-16 18:40 - 04048201 ____A C:\Users\Christian\Downloads\LifeExpectancy.pptx

2013-01-16 18:23 - 2013-01-16 18:06 - 00000000 ____D C:\Users\Christian\Documents\My Cmaps

2013-01-16 18:23 - 2013-01-16 18:06 - 00000000 ____D C:\Users\Christian\AppData\Roaming\CmapTools

2013-01-16 18:06 - 2013-01-16 18:06 - 00001970 ____A C:\Users\Christian\.powerupdate.user.properties

2013-01-16 18:04 - 2013-01-16 18:04 - 00000000 ___HD C:\Program Files\Zero G Registry

2013-01-16 18:04 - 2013-01-16 18:04 - 00000000 ____D C:\Program Files\IHMC CmapTools

2013-01-16 17:58 - 2013-01-16 17:58 - 00000000 ___HD C:\Users\Christian\InstallAnywhere

2013-01-16 17:57 - 2013-01-16 17:56 - 75998533 ____A (Flexera Software) C:\Users\Christian\Downloads\Winx64CmapTools_v5.05.01_11-01-12.exe

2013-01-16 10:55 - 2013-01-16 10:02 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Blackboard

2013-01-16 10:01 - 2013-01-16 10:00 - 00009076 ____A C:\Users\Christian\Downloads\meeting.jnlp

2013-01-15 11:19 - 2013-01-15 11:19 - 00001477 ____A C:\Users\Christian\Downloads\webinar.ics

2013-01-15 10:36 - 2013-01-15 10:36 - 00000407 ____A C:\Users\Christian\Downloads\event.ics

2013-01-15 09:52 - 2011-01-14 15:54 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-03 16:13:04

Restore point made on: 2013-02-05 22:48:10

Restore point made on: 2013-02-06 22:43:52

Restore point made on: 2013-02-11 07:51:44

Restore point made on: 2013-02-14 01:01:31

==================== Memory info ===========================

Percentage of memory in use: 18%

Total physical RAM: 3892.55 MB

Available physical RAM: 3174.84 MB

Total Pagefile: 3890.7 MB

Available Pagefile: 3168.89 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (Windows7_OS) (Fixed) (Total:296.92 GB) (Free:142.11 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: () (Removable) (Total:14.92 GB) (Free:2.06 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 1024 KB

Disk 1 Online 14 GB 0 B

Disk 2 No Media 0 B 0 B

Partitions of Disk 0:

===============

Disk ID: 3BD1986D

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1200 MB 1024 KB

Partition 2 Primary 296 GB 1201 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM_DRV NTFS Partition 1200 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C Windows7_OS NTFS Partition 296 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 00000000

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 14 GB 26 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2013-02-13 23:56

==================== End Of Log =============================

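The FRST listing above is several hundred lines of `created - modified - size attrs (publisher) path` records, and reading it by eye is how helpers find the odd file. The script below is an added example, not part of this thread or of FRST: it parses that line format and builds a short review queue using two conservative heuristics (an executable with no publisher in its version info sitting in a user-writable location, or directly in `C:\Windows`, and any executable carrying the hidden attribute). The sample lines are copied from the log above; the heuristics and the `Entry`/`triage` names are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST "Created/Modified Files and Folders" line looks like:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
# e.g. 2013-02-05 08:57 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # publisher from version info, when FRST found one
    r"(?P<path>.+)$"
)

# Extensions treated as executable code worth a second look.
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".com", ".scr")

# Constructed sample: a handful of lines copied from the FRST log in this thread.
SAMPLE_LOG = r"""
2013-02-14 16:09 - 2013-02-14 16:09 - 00000000 ____D C:\FRST
2013-02-05 08:57 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-02-05 08:57 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-02-05 08:20 - 2013-02-05 08:20 - 05029686 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2013-01-30 16:15 - 2013-01-30 16:16 - 00768512 ____A C:\Users\Christian\Desktop\RogueKiller.exe
2013-01-30 19:07 - 2012-12-14 14:49 - 00024176 ____A (Malwarebytes Corporation ) C:\Windows\System32\Drivers\mbam.sys
2013-02-01 08:51 - 2013-02-01 08:51 - 00000000 ____D C:\Program Files (x86)\Belarc
2013-02-14 01:50 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str                 # five-character flag field, e.g. ____A, ____D, ___AH
    company: Optional[str]     # None when FRST printed no publisher
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_frst(text: str) -> List[Entry]:
    """Parse every well-formed file/folder line; headers and blank lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = FRST_LINE.match(raw.strip())
        if not m:
            continue
        company = m.group("company")
        entries.append(Entry(
            created=m.group("created"),
            modified=m.group("modified"),
            size=int(m.group("size")),
            attrs=m.group("attrs"),
            company=company.strip() if company else None,
            path=m.group("path"),
        ))
    return entries


def review_reasons(e: Entry) -> List[str]:
    """Return why an entry deserves a human look (empty list = nothing notable)."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    low = e.path.lower()
    if not low.endswith(EXEC_EXT):
        return reasons
    user_writable = (
        low.startswith("c:\\users\\")
        or low.startswith("c:\\programdata\\")
        or "\\temp\\" in low
    )
    if e.company is None and user_writable:
        reasons.append("executable without publisher info in a user-writable location")
    # A file directly in C:\Windows (not in a subfolder) is unusual for normal software.
    if e.company is None and low.startswith("c:\\windows\\") and low.count("\\") == 2:
        reasons.append("executable without publisher info directly in C:\\Windows")
    if e.is_hidden:
        reasons.append("hidden attribute set on an executable")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Parse an FRST listing and return (path, reasons) for entries worth reviewing."""
    flagged = []
    for e in parse_frst(text):
        reasons = review_reasons(e)
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample it queues `C:\Windows\PEV.exe` and `RogueKiller.exe` and nothing else. Both are tools the poster deliberately ran (the log shows a cluster of files appearing in `C:\Windows` in the same minute as the ComboFix run), which is the point: the output is a list for a human to confirm against what they know was installed, not a verdict. The publisher string FRST prints comes from the file's version resource, so its absence means "no claim made", not "unsigned"; a real signature check is a separate step.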

Hello Woe_is_Me_n_myPC,

To do this, please set Win7 to show hidden/system files and folders so that you can find them:

  • Please click Start and open My Computer.
  • On the Organize tab, click on Folder and search options.
  • On the View tab, uncheck Hide file extensions for known file types.
  • Also uncheck Hide protected operating system files (Recommended) and click Yes on the warning message.
  • Under Hidden files and folders, check Show hidden files, folders, or drives.
  • Click Apply.
  • Click OK and close My Computer.

I will give you instructions for hiding them again after it looks like your computer is clean.

=====

Then, please go to http://www.virustotal.com, click on Choose File, and upload the following file for analysis: You will only be able to have one file scanned at a time.

C:\Users\CHRIST~1\AppData\Local\Temp\7zS7737\hpslpsvc64.dll

Then click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see.

Note: If a message appears saying the file has already been analysed, please resend the file.

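The VirusTotal step above identifies a file by its content, and the report that comes back is keyed by the file's MD5, SHA-1 and SHA-256 (the same way FRST's "MD5 is legit" lines work). Computing those locally lets a defender look a file up by hash, or compare it against a report someone else posted, without re-uploading it. The following is an added example, not something from this thread or from VirusTotal; the function names and the constructed `b"hello"` test content are this example's own.

```python
import hashlib
import os
import tempfile
from typing import Dict, Tuple

CHUNK = 1024 * 1024  # read in 1 MiB pieces so a large binary need not fit in memory
ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex MD5, SHA-1 and SHA-256 of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: str) -> Dict[str, str]:
    """Same three digests for a file on disk, computed in a single streaming pass."""
    digests = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def check_against_reference(
    path: str, expected: Dict[str, str]
) -> Tuple[bool, Dict[str, Tuple[str, str]]]:
    """Compare a file's hashes with values copied from a trusted report.

    Returns (all_match, {algorithm: (expected, actual)} for every mismatch).
    Keys and hex digits are compared case-insensitively, since reports print
    them either way; algorithms the report lists but we did not compute are skipped.
    """
    actual = hash_file(path)
    mismatches: Dict[str, Tuple[str, str]] = {}
    for algo, want in expected.items():
        key = algo.lower()
        if key not in actual:
            continue
        if actual[key] != want.strip().lower():
            mismatches[key] = (want, actual[key])
    return (not mismatches), mismatches


def demo() -> Tuple[bool, bool]:
    """Hash a constructed file, then check it against a correct and a wrong reference."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"hello")  # constructed content, not a real sample
        name = tmp.name
    try:
        good = {"SHA256": "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"}
        bad = {"md5": "00000000000000000000000000000000"}
        ok_good, _ = check_against_reference(name, good)
        ok_bad, why = check_against_reference(name, bad)
        return ok_good, ok_bad
    finally:
        os.unlink(name)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for algo, value in hash_file(sys.argv[1]).items():
            print(f"{algo:7s} {value}")
    else:
        print("demo (good reference, bad reference):", demo())
```

Run with a path argument to print the three hashes of any file; with no argument it runs the self-check. A match on SHA-256 alone is sufficient to say "this is the same file the report describes"; MD5 is kept only because many older reports and tools, FRST's check among them, still print it.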

Hi DarkKnight,

I was unable to locate C:\Users\CHRIST~1\AppData\Local\Temp\7zS7737\hpslpsvc64.dll

There is no 7zS7737 folder ... This is likely due to my deletion of files in %temp% after most reboots. If I find something funny there, I may grab a screenshot, which in fact I did yesterday morning. However, this particular folder wasn't present in that screenshot.

I found two instances of this file...

  1. HPSLPSVC64.DLL found here: C:\Program Files (x86)\HP\Digital Imaging\bin
  2. hpslpsvc64.dll.926C3A5D_FE1O_435B_9448_0ADCA90BAB80 was found here: C:\Windows\Installer\$PatchCache$\Managed\BA2BDD4ADCCEA3C46833775D1A0A5E24\130.0.374

I scanned both files at virustotal, with what I believe to be normal results. I captured the detailed info on these, which follows.

I'll be around this evening if you care to give me another task ;)

Thanks,

~Karen

Woe_is_Me_n_myPC

HPSLPSVC64.DLL @ VIRUSTOTAL:

SHA256:

2f9d21613500f092dfc0db879180b549ee615d9b07408a5cc1a7f84663b2f47a

SHA1:

d6670325932fe25820a260e4b125172058f15c5d

MD5:

f37882f128efacefe353e0bae2766909

File size:

1015.0 KB ( 1039360 bytes )

File name:

HPSLP__.DLL

File type:

Win32 DLL

Detection ratio:

0 / 46

Analysis date:

2013-02-15 14:53:11 UTC ( 0 minutes ago )

ssdeep

12288:tZY16LWLnH/EgBh+jq3ZnSVPrb1in0DViNEsG/+E4fh3333y3yis8LCsxj:A16LWLFfZSVE0DUNPBh3333y3yz8Csx

TrID

Generic Win/DOS Executable (49.9%)

DOS Executable Generic (49.8%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

ExifTool

ProductFileFlags.........: 1

CodeSize.................: 650752

SubsystemVersion.........: 5.2

Comments.................: HP Network Devices Support

InitializedDataSize......: 387584

ImageVersion.............: 0.0

ProductName..............: HP Digital Imaging

FileVersionNumber........: 140.0.331.0

UninitializedDataSize....: 0

LanguageCode.............: English (U.S.)

FileFlagsMask............: 0x003f

VersionDate..............: October 22, 2010

CharacterSet.............: Windows, Latin1

LinkerVersion............: 9.0

OriginalFilename.........: HPSLP??.DLL

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

FileVersion..............: 140.0.331.000

TimeStamp................: 2010:10:22 21:06:55+01:00

FileType.................: Win64 DLL

PEType...................: PE32+

InternalName.............: HPSLP??

ProductVersion...........: 140.000.000.000

FileDescription..........: HP Network Devices Support

OSVersion................: 5.2

ProductVersionNumber.....: 140.0.0.0

FileOS...................: Windows 32-bit

LegalCopyright...........: Copyright © Hewlett-Packard Co. 1995-2010

MachineType..............: AMD AMD64

CompanyName..............: Hewlett-Packard Co.

LegalTrademarks..........:

FileSubtype..............: 0

ProductFamily............: HP Digital Imaging

EntryPoint...............: 0x6b378

ObjectFileType...........: Dynamic link library

Sigcheck

publisher................: Hewlett-Packard Co.

product..................: HP Digital Imaging

internal name............: HPSLP__

copyright................: Copyright © Hewlett-Packard Co. 1995-2010

original name............: HPSLP__.DLL

comments.................: HP Network Devices Support

file version.............: 140.0.331.000

description..............: HP Network Devices Support

Portable Executable structural information

Compilation timedatestamp.....: 2010-10-22 20:06:55

Target machine................: 0x8664 (x64)

Entry point address...........: 0x0006B378

PE Sections...................:

Name    Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text   4096             650711        650752    6.29     a7355223c5ba29e5a122877fec5ea9ba
.rdata  655360           261463        261632    4.41     696b77854dd6c504cf664a1654444df1
.data   917504           368696        21504     4.42     c3e60444203b90381417e383f3e085f0
.pdata  1290240          57324         57344     5.65     096208cbef7f78afb026590871dd4a0f
.rsrc   1347584          32060         32256     4.93     437f598d6ec9c0ae5bcf19c6c191ef1b
.reloc  1380352          14786         14848     2.26     e792a75396a24f9a972da03a243a3ccf

PE Imports....................:

[[OLEAUT32.dll]]

Ord(161), Ord(12), Ord(149), Ord(313), Ord(277), Ord(6), Ord(186), Ord(150), Ord(7), Ord(4), Ord(162), Ord(163), Ord(8), Ord(2), Ord(9)

[[CRYPT32.dll]]

CryptUnprotectData

[[KERNEL32.dll]]

SetThreadLocale, GetStdHandle, GetConsoleOutputCP, GetOverlappedResult, WaitForSingleObject, HeapDestroy, EncodePointer, FlsGetValue, GetFileAttributesW, GetExitCodeProcess, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, LocalAlloc, GetLogicalDrives, FreeEnvironmentStringsW, SetStdHandle, GetCPInfo, GetStringTypeA, WriteFile, GetTimeZoneInformation, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, SetEvent, LocalFree, FormatMessageW, ResumeThread, InitializeCriticalSection, OutputDebugStringW, GlobalHandle, FindClose, TlsGetValue, QueryDosDeviceW, SetLastError, GlobalFindAtomW, LoadResource, GetModuleFileNameW, TryEnterCriticalSection, IsDebuggerPresent, HeapAlloc, GetVersionExA, GetModuleFileNameA, LoadLibraryA, RaiseException, HeapSetInformation, SetThreadPriority, RtlVirtualUnwind, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, GetPrivateProfileStringW, GlobalAddAtomW, CreateThread, GetSystemDirectoryW, GetExitCodeThread, FlushFileBuffers, SetUnhandledExceptionFilter, ExitThread, DecodePointer, SetEnvironmentVariableA, SetPriorityClass, TerminateProcess, WriteConsoleA, VirtualQuery, GetCurrentThreadId, GetProcAddress, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetVersionExW, GetOEMCP, QueryPerformanceCounter, GetTickCount, IsBadWritePtr, TlsAlloc, VirtualProtect, FlsSetValue, lstrcmpiW, FreeLibrary, GetStartupInfoA, GetDateFormatA, RtlPcToFileHeader, GetWindowsDirectoryW, GetFileSize, GlobalDeleteAtom, OpenProcess, WaitForMultipleObjects, GetProcessHeap, CompareStringW, GlobalReAlloc, lstrcmpA, FindNextFileW, RtlLookupFunctionEntry, ResetEvent, FindFirstFileW, lstrcmpW, RtlUnwindEx, GetTempPathW, CreateEventW, CreateFileW, GetFileType, TlsSetValue, CreateFileA, ExitProcess, LeaveCriticalSection, GetLastError, LocalReAlloc, SystemTimeToFileTime, LCMapStringW, GetSystemInfo, lstrlenA, GlobalFree, GetConsoleCP, 
LCMapStringA, GetThreadLocale, GetEnvironmentStringsW, GlobalUnlock, GlobalAlloc, lstrlenW, SizeofResource, GetCurrentProcessId, LockResource, GetCommandLineW, HeapQueryInformation, WideCharToMultiByte, HeapSize, FlsAlloc, GetCommandLineA, FlsFree, CancelIo, SuspendThread, GetSystemDefaultLangID, QueryPerformanceFrequency, SetFilePointer, ReadFile, GlobalFlags, RtlCaptureContext, CloseHandle, GetTimeFormatA, GetACP, GlobalLock, GetModuleHandleW, FindResourceExW, GetEnvironmentStrings, IsValidCodePage, HeapCreate, FindResourceW, Sleep, IsBadReadPtr, VirtualAlloc, CompareStringA

[[WINSPOOL.DRV]]

GetPrinterDriverDirectoryW, DeletePrinter, GetPrinterDataExW, DocumentPropertiesW, SetPrinterDataExW, GetPrintProcessorDirectoryW, EnumPortsW, EnumPrinterDriversW, SetPrinterW, EnumPrintersW, AddPrinterW, GetPrinterW, XcvDataW, ClosePrinter, OpenPrinterW

[[ADVAPI32.dll]]

SetSecurityDescriptorOwner, RegCreateKeyExW, RegCloseKey, CopySid, GetSecurityDescriptorControl, GetAce, OpenServiceW, ControlService, InitializeAcl, RegDeleteKeyW, DeleteService, RegCreateKeyW, GetAclInformation, RegQueryValueExW, SetSecurityDescriptorDacl, CloseServiceHandle, ChangeServiceConfig2W, RegisterEventSourceW, DeregisterEventSource, MakeAbsoluteSD, AddAccessAllowedAce, RegOpenKeyExW, GetSecurityDescriptorOwner, LookupAccountNameW, ConvertSidToStringSidW, CreateServiceW, GetTokenInformation, SetServiceStatus, IsValidSid, RegQueryInfoKeyW, GetSecurityDescriptorDacl, RegEnumKeyExW, GetSecurityDescriptorSacl, GetSidSubAuthority, GetLengthSid, InitializeSid, CreateProcessAsUserW, RegDeleteValueW, RevertToSelf, RegSetValueExW, ConvertSecurityDescriptorToStringSecurityDescriptorW, SetSecurityDescriptorGroup, GetSidLengthRequired, OpenSCManagerW, ReportEventW, InitializeSecurityDescriptor, RegisterServiceCtrlHandlerExW, GetSecurityDescriptorGroup, ImpersonateLoggedOnUser, AddAce

[[ole32.dll]]

CoInitializeEx, CoUninitialize, CoTaskMemAlloc, CoRevokeClassObject, CoTaskMemRealloc, CoCreateInstance, CoInitializeSecurity, CoSuspendClassObjects, CoResumeClassObjects, CoRegisterClassObject, CoTaskMemFree, StringFromGUID2

[[sETUPAPI.dll]]

SetupDiSetSelectedDevice, SetupDiOpenDevRegKey, SetupFindNextLine, SetupDiRemoveDevice, SetupDiSetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW, SetupGetLineCountW, SetupGetMultiSzFieldW, SetupGetFieldCount, SetupDiGetDriverInfoDetailW, SetupDiDestroyDeviceInfoList, SetupDiCallClassInstaller, SetupDiSetSelectedDriverW, SetupDiSetClassInstallParamsW, SetupDiGetSelectedDriverW, SetupOpenInfFileW, SetupDiBuildDriverInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDevRegKeyW, SetupDiClassGuidsFromNameW, SetupDiSetDeviceInstallParamsW, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceInstanceIdW, SetupGetLineTextW, SetupFindFirstLineW, SetupGetLineByIndexW, SetupDiOpenClassRegKey, SetupDiDestroyDriverInfoList, SetupDiCreateDeviceInfoList, SetupGetStringFieldW, SetupCloseInfFile

[[OLEACC.dll]]

CreateStdAccessibleObject, LresultFromObject

PE Exports....................:

DllCanUnloadNow, DllRegisterServer, DllUnregisterServer, MapNetworkDrive, ServiceMain, UnmapNetworkDrive

PE Resources..................:

Resource type Number of resources

RT_STRING 23

REGISTRY 4

RT_MANIFEST 1

TYPELIB 1

RT_VERSION 1

Resource language Number of resources

NEUTRAL 4

TURKISH DEFAULT 3

ENGLISH US 2

HEBREW DEFAULT 1

SWEDISH 1

DUTCH 1

FRENCH 1

CHINESE SIMPLIFIED 1

CZECH DEFAULT 1

ITALIAN 1

NORWEGIAN BOKMAL 1

PORTUGUESE BRAZILIAN 1

SPANISH NEUTRAL 1

FINNISH DEFAULT 1

KOREAN 1

HUNGARIAN DEFAULT 1

POLISH DEFAULT 1

JAPANESE DEFAULT 1

DANISH DEFAULT 1

GREEK DEFAULT 1

CHINESE TRADITIONAL 1

GERMAN NEUTRAL 1

ARABIC SAUDI ARABIA 1

RUSSIAN 1

Symantec Reputation: Suspicious.Insight

First seen by VirusTotal: 2010-12-04 00:40:53 UTC ( 2 years, 2 months ago )

Last seen by VirusTotal: 2013-02-15 14:53:11 UTC ( 3 minutes ago )

File names (max. 25)

  • HPSLPSVC64.DLL
  • HPSLPSVC64.DLL.vir
  • tsk0000.dta
  • hpslpsvc64.dll
  • FILE_36
  • d6670325932fe25820a260e4b125172058f15c5d
  • HPSLP__
  • file-5107163_DLL
  • HPSLP__.DLL
  • HPSLPSVC64.DLL
  • HPSLPSVC64.DLLvr

Pasted from <https://www.virustotal.com/en/file/2f9d21613500f092dfc0db879180b549ee615d9b07408a5cc1a7f84663b2f47a/analysis/1360939991/>

hpslpsvc64.dll.926C3A5D_FE10_435B_9448_0ADCA90BAB80 @ VIRUSTOTAL:

ssdeep

12288:xgpiPIXEr2GcVOClSgHUTfINqzgwJOGGY1souwUewq3zxO2H:OWIxsgHWIiOGGosoxRwazxO2H

TrID

Generic Win/DOS Executable (49.9%)

DOS Executable Generic (49.8%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

ExifTool

ProductFileFlags.........: 1

CodeSize.................: 571904

SubsystemVersion.........: 5.2

Comments.................: HP Network Devices Support

InitializedDataSize......: 350208

ImageVersion.............: 0.0

ProductName..............: HP Digital Imaging

FileVersionNumber........: 130.0.80.0

UninitializedDataSize....: 0

LanguageCode.............: English (U.S.)

FileFlagsMask............: 0x003f

VersionDate..............: May 21, 2009

CharacterSet.............: Windows, Latin1

LinkerVersion............: 9.0

OriginalFilename.........: HPSLP??.DLL

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

FileVersion..............: 130.0.80.000

TimeStamp................: 2009:05:22 05:35:04+01:00

FileType.................: Win64 DLL

PEType...................: PE32+

InternalName.............: HPSLP??

ProductVersion...........: 130.000.999.000

FileDescription..........: HP Network Devices Support

OSVersion................: 5.2

ProductVersionNumber.....: 130.0.999.0

FileOS...................: Windows 32-bit

LegalCopyright...........: Copyright © Hewlett-Packard Co. 1995-2009

MachineType..............: AMD AMD64

CompanyName..............: Hewlett-Packard Co.

LegalTrademarks..........:

FileSubtype..............: 0

ProductFamily............: HP Digital Imaging

EntryPoint...............: 0x62b50

ObjectFileType...........: Dynamic link library

Sigcheck

publisher................: Hewlett-Packard Co.

product..................: HP Digital Imaging

internal name............: HPSLP__

copyright................: Copyright © Hewlett-Packard Co. 1995-2009

original name............: HPSLP__.DLL

comments.................: HP Network Devices Support

file version.............: 130.0.80.000

description..............: HP Network Devices Support

Portable Executable structural information

Compilation timedatestamp.....: 2009-05-22 04:35:04

Target machine................: 0x8664 (x64)

Entry point address...........: 0x00062B50

PE Sections...................:

Name    Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text   4096             571583        571904    6.31     2ba86fd99fb2ec75d2a37ab5e2d806eb
.rdata  577536           238391        238592    4.37     fd845bce599a37fee30e9d1a3ef7bae5
.data   819200           369208        22528     4.67     104733f944057ad8e52bbd447c29aac4
.pdata  1191936          41892         41984     5.76     54e78834c1cf6b283b2d9799a4362403
.rsrc   1236992          32052         32256     4.93     e3208821e06e25f00136d40464721c2c
.reloc  1269760          14450         14848     2.23     c97ecd6e7d6e8b6bd5e43dba609615de

PE Imports....................:

[[OLEAUT32.dll]]

Ord(12), Ord(161), Ord(149), Ord(277), Ord(6), Ord(186), Ord(150), Ord(7), Ord(162), Ord(163), Ord(8), Ord(2), Ord(9)

[[CRYPT32.dll]]

CryptUnprotectData

[[KERNEL32.dll]]

SetThreadLocale, GetStdHandle, GetConsoleOutputCP, GetOverlappedResult, WaitForSingleObject, HeapDestroy, EncodePointer, FlsGetValue, GetFileAttributesW, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, LocalAlloc, RtlUnwindEx, GetLogicalDrives, FreeEnvironmentStringsW, SetStdHandle, WideCharToMultiByte, GetStringTypeA, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, FreeLibrary, LocalFree, FormatMessageW, ResumeThread, GetTimeZoneInformation, LoadResource, GlobalHandle, FindClose, TlsGetValue, QueryDosDeviceW, SetLastError, InitializeCriticalSection, GlobalFindAtomW, OutputDebugStringW, GetModuleFileNameW, TryEnterCriticalSection, IsDebuggerPresent, HeapAlloc, GetVersionExA, GetModuleFileNameA, LoadLibraryA, RaiseException, HeapSetInformation, SetThreadPriority, RtlVirtualUnwind, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, GetPrivateProfileStringW, GlobalAddAtomW, CreateThread, GetExitCodeThread, FlushFileBuffers, SetUnhandledExceptionFilter, ExitThread, DecodePointer, SetEnvironmentVariableA, SetPriorityClass, TerminateProcess, WriteConsoleA, VirtualQuery, GetCurrentThreadId, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetVersionExW, GetExitCodeProcess, QueryPerformanceCounter, GetTickCount, IsBadWritePtr, TlsAlloc, VirtualProtect, FlsSetValue, lstrcmpiW, GetStartupInfoA, GetDateFormatA, RtlPcToFileHeader, GetWindowsDirectoryW, GetFileSize, GlobalDeleteAtom, OpenProcess, SetEvent, WaitForMultipleObjects, GetProcessHeap, CompareStringW, GlobalReAlloc, lstrcmpA, FindNextFileW, RtlLookupFunctionEntry, ResetEvent, FindFirstFileW, lstrcmpW, GetProcAddress, GetTempPathW, CreateEventW, CreateFileW, GetFileType, TlsSetValue, CreateFileA, ExitProcess, LeaveCriticalSection, GetLastError, LocalReAlloc, LCMapStringW, GetSystemInfo, lstrlenA, GlobalFree, GetConsoleCP, FindResourceW, LCMapStringA, GetThreadLocale, 
GetEnvironmentStringsW, GlobalUnlock, GlobalAlloc, lstrlenW, GetEnvironmentStrings, GetCurrentProcessId, LockResource, GetCommandLineW, HeapQueryInformation, GetCPInfo, HeapSize, FlsAlloc, GetCommandLineA, FlsFree, CancelIo, SuspendThread, GetSystemDefaultLangID, QueryPerformanceFrequency, CompareStringA, SetFilePointer, ReadFile, GlobalFlags, RtlCaptureContext, CloseHandle, GetACP, GlobalLock, GetModuleHandleW, SizeofResource, IsValidCodePage, HeapCreate, FindResourceExW, Sleep, IsBadReadPtr, VirtualAlloc, GetOEMCP, GetTimeFormatA

[[WINSPOOL.DRV]]

GetPrinterDataExW, DocumentPropertiesW, EnumPortsW, SetPrinterW, EnumPrintersW, XcvDataW, ClosePrinter, OpenPrinterW

[[ADVAPI32.dll]]

SetSecurityDescriptorOwner, RegCreateKeyExW, RegCloseKey, CopySid, GetSecurityDescriptorControl, GetAce, OpenServiceW, ControlService, InitializeAcl, RegDeleteKeyW, DeleteService, RegCreateKeyW, GetAclInformation, RegQueryValueExW, SetSecurityDescriptorDacl, CloseServiceHandle, ChangeServiceConfig2W, RegisterEventSourceW, DeregisterEventSource, MakeAbsoluteSD, AddAccessAllowedAce, RegOpenKeyExW, GetSecurityDescriptorOwner, LookupAccountNameW, ConvertSidToStringSidW, CreateServiceW, GetTokenInformation, SetServiceStatus, IsValidSid, RegQueryInfoKeyW, GetSecurityDescriptorDacl, RegEnumKeyExW, GetSecurityDescriptorSacl, GetSidSubAuthority, GetLengthSid, InitializeSid, CreateProcessAsUserW, RegDeleteValueW, RevertToSelf, RegSetValueExW, ConvertSecurityDescriptorToStringSecurityDescriptorW, SetSecurityDescriptorGroup, GetSidLengthRequired, OpenSCManagerW, ReportEventW, InitializeSecurityDescriptor, RegisterServiceCtrlHandlerExW, GetSecurityDescriptorGroup, ImpersonateLoggedOnUser, AddAce

[[ole32.dll]]

CoInitializeEx, CoUninitialize, CoTaskMemAlloc, CoRegisterClassObject, CoCreateInstance, CoSuspendClassObjects, CoTaskMemRealloc, CoRevokeClassObject, CoInitializeSecurity, CoResumeClassObjects, CoTaskMemFree, StringFromGUID2

[[sETUPAPI.dll]]

SetupDiSetSelectedDevice, SetupDiOpenDevRegKey, SetupDiRemoveDevice, SetupDiSetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW, SetupGetLineCountW, SetupGetFieldCount, SetupDiGetDriverInfoDetailW, SetupDiDestroyDeviceInfoList, SetupDiCallClassInstaller, SetupDiSetSelectedDriverW, SetupDiSetClassInstallParamsW, SetupDiGetSelectedDriverW, SetupOpenInfFileW, SetupDiBuildDriverInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDevRegKeyW, SetupDiClassGuidsFromNameW, SetupDiSetDeviceInstallParamsW, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceInstanceIdW, SetupGetLineTextW, SetupGetLineByIndexW, SetupDiOpenClassRegKey, SetupDiDestroyDriverInfoList, SetupDiCreateDeviceInfoList, SetupGetStringFieldW, SetupCloseInfFile

[[OLEACC.dll]]

CreateStdAccessibleObject, LresultFromObject

PE Exports....................:

DllCanUnloadNow, DllRegisterServer, DllUnregisterServer, MapNetworkDrive, ServiceMain, UnmapNetworkDrive

PE Resources..................:

Resource type Number of resources

RT_STRING 23

REGISTRY 4

RT_MANIFEST 1

TYPELIB 1

RT_VERSION 1

Resource language Number of resources

NEUTRAL 4

TURKISH DEFAULT 3

ENGLISH US 2

HEBREW DEFAULT 1

SWEDISH 1

DUTCH 1

FRENCH 1

CHINESE SIMPLIFIED 1

CZECH DEFAULT 1

ITALIAN 1

NORWEGIAN BOKMAL 1

PORTUGUESE BRAZILIAN 1

SPANISH NEUTRAL 1

FINNISH DEFAULT 1

KOREAN 1

HUNGARIAN DEFAULT 1

POLISH DEFAULT 1

JAPANESE DEFAULT 1

DANISH DEFAULT 1

GREEK DEFAULT 1

CHINESE TRADITIONAL 1

GERMAN NEUTRAL 1

ARABIC SAUDI ARABIA 1

RUSSIAN 1

Symantec Reputation: Suspicious.Insight

First seen by VirusTotal: 2009-12-03 06:00:58 UTC ( 3 years, 2 months ago )

Last seen by VirusTotal: 2013-02-15 22:34:47 UTC ( 1 minute ago )

File names (max. 25)

  • HPSLP__.DLL
  • HPSLPSVC64.DLL
  • hpslpsvc64.dll.926C3A5D_FE10_435B_9448_0ADCA90BAB80
  • HPSLP__

Pasted from <https://www.virustotal.com/en/file/13c32575f1bd5d75067b288d1669ae1f1829b434f97cb211ec3c189f7d2d7c38/analysis/1360967687/>


Hello Woe_is_Me_n_myPC,

OK all good.

Please download aswMBR by gmer to your Desktop.

  • Please visit this site for instructions on how to run the tool.
  • Once familiar with this tool, double click aswMBR.exe to run it.
  • Click the Scan button to start the scan.
  • Once the scan has completed, please save the aswMBR.txt log to the Desktop and post it in your next reply.

=====

Also, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click Change parameters.
  • Make sure you check the box Loaded modules.
  • A window will popup and say Reboot is required. Please click Reboot now.
  • Then click Change parameters again. Check the box Detect TDLFS file system.
  • Click on the Start Scan button.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
  • Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.
    Note: A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).

=====

In your reply please provide the contents of both logs.


Hi DarkKnight,

Just to clarify: for aswMBR, I should run ONLY the scan, but not the other processes mentioned in the aswMBR instructions ('How to Fix,' 'fix ZeroAccess/Sirefef driver infection,' 'verify **SUSPICIOUS** file' and 'change active partition.')

??

Thanks!

~Karen

Woe_is_Me_n_myPC


DarkKnight, here is the aswMBR log. TDSSKiller log in coming in a second post.

No issues with either scan (that I can see)!

~Karen

Woe_is_Me_n_myPC

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-15 23:46:03

-----------------------------

23:46:03.965 OS Version: Windows x64 6.1.7601 Service Pack 1

23:46:03.965 Number of processors: 4 586 0x2502

23:46:03.965 ComputerName: LAPTOP UserName:

23:46:06.773 Initialize success

23:47:15.649 AVAST engine defs: 13021501

23:47:28.363 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:47:28.363 Disk 0 Vendor: FUJITSU_ 0084 Size: 305245MB BusType: 3

23:47:28.363 Disk 0 MBR read successfully

23:47:28.379 Disk 0 MBR scan

23:47:28.379 Disk 0 Windows 7 default MBR code

23:47:28.410 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048

23:47:28.472 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 304041 MB offset 2459648

23:47:28.550 Disk 0 scanning C:\Windows\system32\drivers

23:47:50.468 Service scanning

23:48:56.768 Modules scanning

23:48:56.768 Disk 0 trace - called modules:

23:48:56.831 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

23:48:56.831 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800524b060]

23:48:57.361 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8004f74410]

23:48:57.361 5 ACPI.sys[fffff88000f5f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f77050]

23:48:58.469 AVAST engine scan C:\Windows

23:49:05.317 AVAST engine scan C:\Windows\system32

23:54:59.144 AVAST engine scan C:\Windows\system32\drivers

23:55:28.926 AVAST engine scan C:\Users\Christian

01:36:13.547 AVAST engine scan C:\ProgramData

05:20:47.770 Scan finished successfully

09:19:11.601 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"

09:19:11.663 The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"


Howdy Woe_is_Me_n_myPC,

Your logs are coming back clean so please do this scan.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Hi DarkKnight,

Looks like I have some sort of issue with Windows Defender...I've not yet checked it out; see the FSS.txt log below.

I am not experiencing any severe performance issues at this time, other than some sluggishness, but a couple of items to note:

  • I received an Adobe Flashplayer update available dialog today upon the reboot prompted while running TDSSKiller. I don't recall ever having seen this after a restart. (I opted out of the update.)
  • Beginning today, the back button in IE no longer works when using Google. A quick search indicated this is a known issue and the solution isn't clear. I was on my way out the door and did not have time to pursue that issue. Regardless, I wouldn't want to make any changes at this point without conferring with you.
  • Beginning today, I can no longer search from the address bar. Haven't looked into this yet.
  • Microsoft Security Essentials History shows many Quarantined items that have never been removed, and apparently the date refreshes to the current time/date whenever the History tab is clicked. When I choose All detected items on the History tab, I see three Java Exploits, two from 2-3-2013 and one dated 2-14-2013, with 'Action taken' as 'Quarantined.' I viewed the files at C:\ProgramData\Microsoft\Microsoft Antimalware\Quarantine\Entries, and there are 273 items in that folder dated 1/30, 1/31 and 2/3. None are dated 2/14 however. (On the initial date of infection, 1/29/2013, I removed everything MSE quarantined, but I stopped doing that as of the 30th.)
  • MSE had a Full Scan scheduled for four hours from now (it is set for weekly). I have disabled that full scan until we have completed our work.

I couldn't be more pleased with the clean reports...are we there yet? Or getting there? :)

~Karen

Woe_is_Me_n_myPC

Farbar Service Scanner Version: 15-02-2013

Ran by Karen Diamond (administrator) on 16-02-2013 at 21:28:41

Running from "C:\Users\Christian\Desktop"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-02-13 19:06] - [2013-01-03 00:00] - 1913192 ____A (Microsoft Corporation) B62A953F2BF3922C8764A29C34A22899

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

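The FSS log above reports three things about Windows Defender: the WinDefend service is not running and its start type is Demand rather than the Auto default, its ImagePath and ServiceDll are intact, and the DisableAntiSpyware policy value is set to 1. The PowerShell below reproduces those checks so they can be re-run after a cleanup; it is an added example, not part of the thread or of Farbar Service Scanner, and it assumes the Windows 7 layout the log shows (MpSvc.dll under Program Files\Windows Defender) when judging the ServiceDll.

```powershell
# Added example: re-run the Windows Defender checks that Farbar Service Scanner
# reports in the FSS log above. Expected values are taken from that log
# (start type Auto, ServiceDll = ...\Windows Defender\MpSvc.dll) and assume the
# Windows 7 service layout. Run from an elevated PowerShell prompt.

$svcName  = 'WinDefend'
$findings = @()

# 1. Service state and start type. Win32_Service reports StartMode as
#    Auto / Manual / Disabled; "Demand" in the FSS log is the Manual start type.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'"
if ($null -eq $svc) {
    $findings += "$svcName service is not registered"
} else {
    "State: {0}  StartMode: {1}" -f $svc.State, $svc.StartMode
    if ($svc.StartMode -ne 'Auto') {
        $findings += "$svcName start type is $($svc.StartMode); default is Auto"
    }
    if ($svc.State -ne 'Running') {
        $findings += "$svcName is not running"
    }
}

# 2. ImagePath and ServiceDll, read from the service registration itself so a
#    swapped hosting DLL shows up even when the service otherwise looks healthy.
$svcKey     = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
$imagePath  = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
$serviceDll = (Get-ItemProperty -Path "$svcKey\Parameters" -ErrorAction SilentlyContinue).ServiceDll
"ImagePath:  $imagePath"
"ServiceDll: $serviceDll"
if ($serviceDll -notlike '*\Windows Defender\MpSvc.dll') {
    $findings += "ServiceDll does not point at Windows Defender\MpSvc.dll: $serviceDll"
}

# 3. The policy value the log flagged: DisableAntiSpyware = 1 switches Defender off.
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$pol = Get-ItemProperty -Path $polKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableAntiSpyware -eq 1) {
    $findings += "DisableAntiSpyware=1 is set under $polKey"
}

if ($findings.Count -eq 0) {
    'Windows Defender checks: OK'
} else {
    'Windows Defender checks: FINDINGS'
    $findings | ForEach-Object { " - $_" }
}
```

On the machine in this thread the script would list the Demand start type and the DisableAntiSpyware=1 value as findings, matching what FSS printed; a clean Windows 7 system prints OK.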